Wireshark-users: Re: [Wireshark-users] Newbie question
From: "Tom Maugham" <Thomas@xxxxxxxxxxx>
Date: Sun, 23 Sep 2007 19:25:03 -0400
-----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok Sent: Sunday, September 23, 2007 6:19 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Newbie question On Sun, Sep 23, 2007 at 05:38:57PM -0400, Tom Maugham wrote: > Thanks for the info... > > It appears that I have two problems: > 1) The adapter in my laptop needs to be > set to promiscuous mode and I cannot see any way to do that Not quite, Wireshark puts the capturing interface it uses in promiscuous mode by default. Unfortunately a lot of wlan-drivers don't pass the packets that are not destined to the card to the system when the card is put into promiscuous mode. In short, you will only see the packets to and from your own pc instead of all the packets on the wire^H^H^H^Hair Sometimes it's even worse, the driver will not send any packets to the system when the card is put in promiscuous mode. In those cases you need to disable "Capture in promiscuous mode" in the capture options screen to be able to see your own packets in wireshark. That's what appears to be the case. Is there any way around this? > and 2) I won't > be able to see packets to/from the hard-wired pc. Is that correct? Not quite ;-) What I meant was that if you use to wired PC to capture the packets instead of the wireless PC, you will also not see the all the packets. This is because the PC is connected to a switch, which learns to which of it's ports each system is connected to and only forwards traffic destined for the connected system(s) out a port. You might want to read the Wiki-article about that again. It will give you some insight in what kind of traffic you can expect when you connect the PC to some type of device. It appears that I must use the wired pc to see the traffic to/from that pc which unfortunately I cannot do. I can only use the laptop. Hope this helps, Cheers, Sake > -----Original Message----- > From: wireshark-users-bounces@xxxxxxxxxxxxx > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok > Sent: Sunday, September 23, 2007 2:23 PM > To: Community support list for Wireshark > Subject: Re: [Wireshark-users] Newbie question > > On Sun, Sep 23, 2007 at 02:03:09PM -0400, Tom Maugham wrote: > > I have just installed Wireshark on a laptop which I want to use to monitor > > my home network. My setup is three desktops connected to a Westell 327W > > Verizon DSL wirless router. One desktop is hardwired and the other two and > > the laptop are wireless. The hard-wired desktop is using XP Pro SP2 and > all > > the other desktops and the laptop are XP Home SP2. > > > > When I initiate Wireshark on the laptop it seems to see everything that is > > occurring on the laptop but not very much on the other PCs. Why is that? > Am > > I expecting too much from Wireshark or do I not have it configured > properly? > > Have a look at http://wiki.wireshark.org/CaptureSetup/WLAN : > > ----- <quote> ----- > Capturing WLAN traffic on Windows depends on WinPcap and on the underlying > network adapters and drivers. Unfortunately, most drivers/adapters support > neither monitor mode, nor seeing 802.11 headers when capturing, nor > capturing non-data frames. > > Promiscuous mode can be set; unfortunately, it's often crippled. In this > mode many drivers don't supply packets at all, or don't supply packets sent > by the host. > ----- </quote> ----- > > Also when you try to capture all the traffic on the PC with the hard-wired > connection, you won't see all the packets since the network is switched. > Have a look at http://wiki.wireshark.org/CaptureSetup/Ethernet for > more details on what traffic you are able to see on which type of > network-connections. > > Hope this helps, Cheers, > > > Sake > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users
- Follow-Ups:
- Re: [Wireshark-users] Newbie question
- From: Guy Harris
- Re: [Wireshark-users] Newbie question
- References:
- Re: [Wireshark-users] Newbie question
- From: Sake Blok
- Re: [Wireshark-users] Newbie question
- Prev by Date: Re: [Wireshark-users] Newbie question
- Next by Date: [Wireshark-users] Stats Inconsistencies
- Previous by thread: Re: [Wireshark-users] Newbie question
- Next by thread: Re: [Wireshark-users] Newbie question
- Index(es):