Hi all first, I'll detail my system: dell studio 1749 laptop,running Win 7 x64 home premuime. wireless card is Intel centrino 6200. I'm running the wireshark from the laptop and i'm able to watch my own traffic. can't see all the network traffic. asked 21 Nov '10, 08:06  Tamir |
One Answer:
Thing with wireless cards and windows as OS is pretty simple: There is a 99.9% chance that your wireless NIC driver cannot put your card into the "promisuous mode" aka "monitor mode" for wireless cards. Wireshark can try to talk your wireless NIC into delivering every frame it sees - but since wireshark can only kindly "ask" the driver to perform that task, there is no guarantee that this will actually happen. You can easily see the difference, when you look for "IEEE 802.11" in the protocol column. If your NIC support monitor mode, there will be lots of frames and if it cannot, you won't see any - even those which are addressed to your card! You can only see your "traffic" from the layers above your wireless L2 communication. This is the situation under windows except you go and purchase some of the dedicated sniffing cards like for example the ones from Cacetech. Under Linux, drivers are much more open to control, so there are possibilities (and tools) to talk your driver into entering monitor mode. Don't ask me why that driver related control is an issue under windows - might be that vendor provided drivers simply do not enable that functionality by default, but I am just guessing. answered 22 Nov '10, 03:05  Landi |
well, I do catch my own traffic, many kinds of protocols: http/udp and many others protocol i'm not familiar with.
Using wireshark, can I watch others users at the same network? like when I'm using my laptop and someone else using the PC and we are on the same router, can I watch his transportation? is it matter if the router uses WEP or WPA ? thanks
If your NIC supports monitor mode, Wireshark will not be able to put it into monitor mode; on Windows, Wireshark uses WinPcap to capture network traffic, and WinPcap doesn't support the mechanism added in Windows Vista, and supported in Windows 7 as well, to put 802.11 network adapters into monitor mode. You'd need an AirPcap adapter from CACE Technologies for that.
thanks, but I was looking for a solution without purchasing any new hardware adapters. I want to use the exist configuration and use the monitor mode. the NIC suppose to support by the documentation, so it's only driver issue?
No, it's a WinPcap issue - WinPcap does not support the new mechanisms, added in Windows Vista and also present in Windows 7, for putting adapters into monitor mode on Windows.