This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to use capture wifi packets coming over air using laptop(inbuilt wifi)

0

I want to use wireshark software on windows 7 without external pcap dongle.

asked 02 Sep '13, 05:18

maheshbabu's gravatar image

maheshbabu
1111
accept rate: 0%

One Answer:

3

See the Windows section of this page http://wiki.wireshark.org/CaptureSetup/WLAN for some info.

answered 02 Sep '13, 07:00

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Unfortunately, changing the 802.11 capture modes is very platform/network adapter/driver/libpcap dependent, and might not be possible at all (Windows is very limited here).

Windows section explains capturing wlan packets using external adapters(Airpcap or intel)

(03 Sep '13, 05:23) maheshbabu

You can probably still capture wireless data packets with your internal adapter; you just won't get the WLAN management, etc. frames and you'll get fake Ethernet headers. If that's not good enough to meet your needs, then you'll have to look for an alternate solution.

If you're not willing or able to purchase an Airpcap adapter, then just about the only other thing I can think of (which may or may not work) is to install a Linux VM on your Windows machine and see if capturing from within the Linux VM gives you what you want. This is a technique used for USB capturing; I don't know if it will work for WLAN too. Your level of success may depend on your wireless chipset.

(03 Sep '13, 08:09) cmaynard ♦♦

(Windows is very limited here).

You may have missed the important part, thus I rephrase it here.

Cite: Monitor mode is not supported by WinPcap, and thus not by Wireshark or TShark, on Windows.

So, no luck on Windows without special hardware (Airpcap), at least for monitor mode (sniffing traffic of other nodes).

(03 Sep '13, 08:22) Kurt Knochner ♦

But from within a Linux VM, would the Linux driver be able to place the adapter into monitor mode (assuming the adapter is supported for Linux)? WinPcap wouldn't apply in this case, right?

In any case, maybe using Microsoft Network Monitor instead of Wireshark is the way to go. See Guy's answer to this question.

(03 Sep '13, 08:40) cmaynard ♦♦

But from within a Linux VM, would the Linux driver be able to place the adapter into monitor mode (assuming the adapter is supported for Linux)? WinPcap wouldn't apply in this case, right?

If the virtual machine is running, and you tell the VM software (VMware Workstation, Parallels Workstation, VirtualBox) to attach the adapter to the virtual machine rather than to the Windows host, you should be able to capture in monitor mode on the Linux virtual machine, if there's a Linux driver for it and it supports monitor mode.

(03 Sep '13, 22:12) Guy Harris ♦♦

But from within a Linux VM, would the Linux driver be able to place the adapter into monitor mode (assuming the adapter is supported for Linux)? WinPcap wouldn't apply in this case, right?

As the OP mentioned inbuilt adapters (he does not want to use external 'dongles') the answer would be:

  • with an inbuilt adapter it will not work with a virtual machine, as you cannot map arbitrary hardware into a virtual machine
  • with a USB adapter it will work (based on personal experience with VMware - other virtualization tools may work as well) as you can map a USB device into the virtual machine. The Forum of Kali, BackTrack and Aircrack-NG list several USB wifi adapters that support monitor mode.

Maybe the OP simply does not want to use an 'expensive' external WLAN adapter (AirPcap) and did not think about cheap USB adapters.

(03 Sep '13, 23:40) Kurt Knochner ♦
showing 5 of 6 show 1 more comments