Wireshark-bugs: [Wireshark-bugs] [Bug 10177] Cannot see packets in Wireshark properly for 11ac c
Date: Fri, 13 Jun 2014 01:35:27 +0000

Comment # 7 on bug 10177 from
(In reply to comment #4)
> One observation is that when same thing tried with Omnipeek (loaner) works
> fine and can see all the TCP data/ack packets.

OmniPeek receives those packets by setting up a socket to listen on the UDP
port to which the AP is sending the packets.  That means that

    1) only packets to that port will be seen;

    2) IP reassembly will be done by the OS networking stack;

so there's no capture filter involved, and OmniPeek doesn't have to worry about
missing fragments other than the first fragment or doing the reassembly itself
or dealing with link-layer, IP, or UDP headers.

Wireshark just captures raw network packets, and has to deal with all of those.

There is work in progress to add "remote capture" mechanism support to
libpcap/WinPcap, and, when finished, that should be able to support capturing
using PEEKREMOTE the same way that OmniPeek supports it.  That will allow
Wireshark, TShark, dumpcap, tcpdump/WinDump, and other programs that use
libpcap/WinPcap (and that have been enhanced to use the new APIs that will be
required to support remote capture) will be able to capture 802.11 traffic the
same way OmniPeek does.  There is no schedule for when that will be done.


You are receiving this mail because:
  • You are watching all bug changes.