Wireshark-users: Re: [Wireshark-users] WLAN capture in Mac OSX - no IP packets
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 16 Jun 2010 19:17:17 -0700
On Jun 16, 2010, at 6:45 PM, Alexandre Takacs wrote:

> I'd like to do packet capture on my WiFi network (which I have joined). I am only interested in data packets (specifically traffic form my iPhone).
> 
> I've installed WireShark and managed to have capture running in promiscuous mode. However I only see UDP packets from other devices, no IP...

So what is the UDP traffic running over if it's not IP? :-)

I.e., what do you mean by "no IP packets"?  Do you mean "no TCP packets"?

If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters might not work in promiscuous mode; if you want to see traffic to and from other hosts, you might need to use monitor mode.

If you're running on Tiger, try capturing on wlt1 rather than en1.  If you're running on Leopard, try selecting 802.11 or 802.11+radio information headers.  If you're running on Snow Leopard, then either try that or, if there's a checkbox for monitor mode, try checking that.

Note that if your network is encrypted, you might have to capture the initial setup packets when the other machines join the network, and enter the password for the network, so that traffic to or from other machines can be decrypted.