Wireshark · Wireshark-users: [Wireshark-users] Using filter in sniffing a wireless LAN

Wireshark-users: [Wireshark-users] Using filter in sniffing a wireless LAN

From: Mark Ryden <markryde@xxxxxxxxx>

Date: Tue, 3 Feb 2009 09:07:10 +0200

Hello,
   I have wireshark-1.0.3-1.fc10.
After putting a wireless nic into monitor mode, I try to sniff with a
filter for 1 minute thus:

"tshark -R "wlan.fc.type_subtype eq 4" -i wlan0 -w out.eth"

The filter "wlan.fc.type_subtype eq 4" means capturing only probe
request packets.

I am getting on the command line this output:
Capturing on wlan0
3

which means that it captured 3 packets. Indeed only 3  probe request
packets while the sniffer
was running. However, when I open with wireshark the sniff file that
was created by this sniff (out.eth) I see indeed this 3 packets but I
see many more packets - Beacons and Data.
In fact, I see 220 packets.

Why is it so ? Is it a BUG ?  Or is something missing in my filter?

Rgs,
Mark

Follow-Ups:
- Re: [Wireshark-users] Using filter in sniffing a wireless LAN
  - From: matt roberts

Prev by Date: Re: [Wireshark-users] can't capture on my linux
Next by Date: [Wireshark-users] tshark -e field to print TP-User-Data in gsm_sms
Previous by thread: Re: [Wireshark-users] can't capture on my linux
Next by thread: Re: [Wireshark-users] Using filter in sniffing a wireless LAN
Index(es):
- Date
- Thread