This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

WLAN Capture setup

i'm after the same goal: identifying a single machine on the network that may be using a lot of bandwidth. i have Wireshark doing a Capture in Promiscuous mode, supposedly capturing all the traffic on the WLAN. but my phone, which has been streaming Pandora for hours, only shows as having transmitted 138 bytes. can anyone point me in the right direction to improve my reading? this is the first time i've used Wireshark or any packet sniffer. i'm not sure if my Capture is setup incorrectly or if i just don't know enough to read the output.

capture wlan

asked 09 Apr '13, 17:26

mctrout
11●1●1●2
accept rate: 0%

converted to question 10 Apr '13, 01:48

grahamb ♦
19.8k●3●30●206

2 Answers:

0	Have you looked at the Wiki page for WLAN Capture setup? answered 10 Apr '13, 01:49 grahamb ♦ 19.8k●3●30●206 accept rate: 22%

Why capture the WLAN traffic? Wouldn't it be easier to capture at the LAN port (ethernet) of the internet router via a TAP or a switch mirror port?

http://wiki.wireshark.org/CaptureSetup/Ethernet

At that position you will get the whole internet traffic and you should be able to easily identify the bandwidth eaters (Statistics -> Endpoints -> IP, or other Wireshark statistics modules).

Regards
Kurt

answered 10 Apr '13, 06:12

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%

If it's a home system, then it's likely the router is combined with the AP and doesn't provide any port mirroring. We'll have to wait for more info from the OP.

(10 Apr '13, 08:46) grahamb ♦

If it's a home system, then it's likely the router is combined with the AP and doesn't provide any port mirroring.

Good point!

(10 Apr '13, 08:59) Kurt Knochner ♦