Networking – Capturing wireless traffic (using Wireshark)


When I run Wireshark on a wired network it works fine and reports all of the packets.
When I run it on a wireless network, though, I only see my own traffic. The wireless card I have is supposed to support packet capture and go into promiscuous mode, but I don't see any other system traffic.

What is wrong?

Best Answer

Look at Wi-Fi (WLAN, IEEE 802.11) on the Wireshark Wiki page.

See the CaptureSetup/WLAN page for instructions on how to capture from WLANs (including monitor mode), and see the CaptureSetup page for general information on capturing on WLANs and other media.

Going further, if you are using Windows (are you?)

Capturing WLAN traffic on Windows depends on WinPcap and on the underlying network adapters and drivers. Unfortunately, most drivers/adapters support neither monitor mode, nor seeing 802.11 headers when capturing, nor capturing non-data frames.

Promiscuous mode can be set; unfortunately, it's often crippled. In this mode many drivers don't supply packets at all, or don't supply packets sent by the host.
If you experience any problems capturing packets on WLANs, try to switch promiscuous mode off. In this case you will have to capture traffic on the host you're interested in.

The AirPcap adapters from CACE Technologies allow full raw 802.11 captures under Windows, including radiotap information.

Here is another reference you might want to read up on.
A Quick Intro to Sniffers:
Wireshark/Ethereal, ARPSpoof, Ettercap, ARP poisoning and other niceties.
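
A way to check what the adapter and driver actually delivered, as an added example that is not part of the original answer: it reads the link-layer header type from the global header of a saved classic pcap file and reports whether 802.11 headers (for example radiotap) are present or the driver handed over Ethernet-style frames. The function names and the sample headers are constructed for illustration.

```python
import struct

# Link-layer header types from the tcpdump.org LINKTYPE_ registry.
LINKTYPES = {
    1: "Ethernet",
    105: "IEEE 802.11",
    119: "IEEE 802.11 + Prism header",
    127: "IEEE 802.11 + radiotap",
    163: "IEEE 802.11 + AVS header",
}
RAW_80211 = {105, 119, 127, 163}

# First four file bytes -> struct byte order (microsecond and nanosecond variants).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"


def pcap_link_type(header: bytes) -> int:
    """Return the link-layer type from a classic pcap global header (24 bytes)."""
    if header[:4] == PCAPNG_MAGIC:
        raise ValueError("pcapng file: link type is per interface, not in a global header")
    order = MAGICS.get(header[:4])
    if order is None or len(header) < 24:
        raise ValueError("not a classic pcap file")
    # Fields: magic, version major/minor, thiszone, sigfigs, snaplen, network
    network = struct.unpack(order + "IHHiIII", header[:24])[6]
    return network & 0xFFFF  # upper bits carry FCS info, not the link type


def diagnose(header: bytes) -> str:
    """Summarise what kind of frames the capture file contains."""
    lt = pcap_link_type(header)
    name = LINKTYPES.get(lt, f"link type {lt}")
    if lt in RAW_80211:
        return f"{name}: raw 802.11 frames present"
    if lt == 1:
        return f"{name}: driver supplied Ethernet-style frames, no 802.11 headers"
    return f"{name}: not a WLAN capture format covered here"


if __name__ == "__main__":
    # Constructed sample headers (little-endian, version 2.4, snaplen 65535).
    for lt in (1, 127):
        sample = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, lt)
        print(diagnose(sample))
```

To use it on a real capture, pass the first 24 bytes of the file, e.g. `diagnose(open(path, "rb").read(24))`.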