How come I only get one protocol in a Wireshark capture? The protocol I got the first time was only "802.11"; the protocol I got the 2nd time was only "usb". I want to capture everything. I am using an Alfa WiFi device to capture. How do I capture everything: SMTP, TCP, DNS, ...?

asked 15 Jul '13, 15:44 Freddy Krueger
2 Answers:
Since when capturing wireless data everything is encapsulated within 802.11 headers, you shouldn't wonder about seeing lots of these as protocol marks. The other mentioned high layer protocols are within 802.11 encapsulation and can be interpreted as such given either capturing on non-encrypted networks or supplying the respective WEP/WPA key to Wireshark. For more information on how to configure, use the search function inside this QA site or see here

answered 15 Jul '13, 16:49 Landi
You're probably capturing in monitor mode on a protected network (WEP or WPA/WPA2). You will either have to capture without monitor mode (meaning you will only see traffic to and from your machine) or tell Wireshark the password for your network and, for WPA/WPA2, make sure you capture the initial "EAPOL handshake" for each device whose traffic you want to see. (The whole point of WEP and WPA/WPA2 is to make it hard to sniff traffic!) See the Wireshark Wiki's page on "How to Decrypt 802.11" for details.
Are you sure you were capturing on your 802.11 device when that happened? I suspect you were capturing on a "usbmon" device; those devices have names such as

answered 15 Jul '13, 16:56 Guy Harris
On what interfaces are you capturing? You can check by going to "Capture -> Interfaces" or directly to "Interfaces List" from the home Wireshark program.
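
One way to check a monitor-mode capture for the situation Guy Harris's answer describes, encrypted data frames from a device whose initial EAPOL handshake is not in the capture, as an added example that is not part of the original thread. It assumes frames carrying radiotap headers; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter, defaultdict
SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header + EtherType 0x888E

def classify(pkt):
    """Return (station MAC, kind) for a radiotap + 802.11 data frame, else None."""
    frame = pkt[struct.unpack_from("<H", pkt, 2)[0]:]  # skip the radiotap header
    if len(frame) < 24 or (frame[0] >> 2) & 3 != 2:    # keep type 2 (data) only
        return None
    subtype, flags = frame[0] >> 4, frame[1]
    to_ds, from_ds = flags & 0x01, flags & 0x02
    if (to_ds and from_ds) or subtype & 0x04:          # skip WDS and no-data frames
        return None
    sta = (frame[4:10] if from_ds else frame[10:16]).hex(":")
    if flags & 0x40:                                   # Protected bit: body is encrypted
        return sta, "protected"
    # Simplification: QoS Control (2 bytes) is handled, HT Control is assumed absent.
    body = frame[24 + (2 if subtype & 0x08 else 0):]
    if body[:8] == SNAP_EAPOL and len(body) > 9 and body[9] == 3:  # EAPOL type 3 = Key
        return sta, "eapol-key"
    return sta, "clear"

def per_station(packets):
    stats = defaultdict(Counter)
    for hit in filter(None, map(classify, packets)):
        stats[hit[0]][hit[1]] += 1
    return stats

def missing_handshake(packets):
    """Stations that sent or received encrypted data but show no EAPOL-Key frame."""
    return sorted(sta for sta, c in per_station(packets).items()
                  if c["protected"] and not c["eapol-key"])

# Constructed sample frames: made-up MACs and a minimal 8-byte radiotap header.
RT = bytes.fromhex("0000080000000000")
AP, STA1, STA2 = (bytes.fromhex(m) for m in ("02000000aa01", "02000000bb01", "02000000bb02"))
def build(fc0, flags, addr1, addr2, body):
    qos = b"\x00\x00" if fc0 == 0x88 else b""          # QoS Control for QoS Data frames
    return RT + bytes([fc0, flags, 0, 0]) + addr1 + addr2 + AP + b"\x00\x00" + qos + body

KEY = SNAP_EAPOL + bytes.fromhex("02030000")           # EAPOL v2, type Key, empty body
SAMPLE = [
    build(0x80, 0x00, b"\xff" * 6, AP, b"beacon"),     # management frame, ignored
    build(0x08, 0x02, STA1, AP, KEY),                  # AP -> STA1 handshake frame
    build(0x08, 0x01, AP, STA1, KEY),                  # STA1 -> AP handshake frame
    build(0x88, 0x41, AP, STA1, bytes(16)),            # STA1 encrypted QoS data
    build(0x88, 0x41, AP, STA2, bytes(16)),            # STA2 encrypted, no handshake seen
    build(0x88, 0x42, STA2, AP, bytes(16)),            # AP -> STA2 encrypted
]
```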