Hi, I have a MacBookPro3,1 (OS X 10.8.5) on an Airport Extreme network. I am running Wireshark 1.10.2. The problem I have is that I only see traffic directed to/from my system, despite the fact I know that there is other traffic on the WiFi network (such as from an identical MBP next to the one running Wireshark and streaming traffic to Apple TV). I will qualify that by saying that I see broadcast and multicast traffic from other devices (ARP, MDNS, etc.), but no point-to-point traffic. The network is secured with a WPA2 password. The laptop's wireless interface (en1) is in promiscuous mode. But, I only see my own traffic. All devices are on the 5GHz network. Any idea what I may be doing wrong? TIA!

asked 27 Sep '13, 19:45 Human31
One Answer:
I have tried enabling monitor mode, and it simply adds to the mix the AP's broadcast frames, and my MBP's layer 2 traffic (protocol 802.11). If I filter on wlan.addr for my MAC, I get all my traffic, both IP and layer 2. If I filter on the MAC for any other system on the network that is actively sending/receiving, I only get the IP broadcast or multicast traffic that originates from those systems. I see none of their layer 2 traffic and none of their other IP traffic. Bottom line: For some reason it is acting as if my wireless interface is not getting set to promiscuous mode. However, the interface clearly thinks it is in promiscuous mode:

$ ifconfig en1
en1: flags=8963 UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500

Any other ideas? PLEASE!! I should add that I never had problems under Snow Leopard, that it only started after an upgrade to Mt. Lion (a year ago?) and I have ignored the problem until now, but I'm desperate to get it working to help debug some other aving. TIA!

answered 28 Sep '13, 02:04 Human31
Is it in monitor mode? (If the traffic you're capturing has Ethernet headers, it's not in monitor mode.)
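
The check suggested in the comment above, as an added example that is not part of the original thread: it reads the link-layer header type recorded in a saved capture (classic pcap or pcapng) to tell an Ethernet-header capture from a monitor-mode one. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Link-layer header types from the tcpdump.org LINKTYPE_ registry.
ETHERNET = 1
MONITOR_TYPES = {105: "IEEE 802.11", 119: "Prism + 802.11",
                 127: "radiotap + 802.11", 163: "AVS + 802.11", 192: "PPI"}

def link_type(data: bytes) -> int:
    """Return the link-layer type of the first interface in a capture file."""
    if len(data) < 24:
        raise ValueError("too short for a capture file header")
    # Classic pcap: the magic number gives the byte order (and timestamp
    # resolution); the link type is the last 32-bit field of the header.
    for order in ("<", ">"):
        if struct.unpack_from(order + "I", data, 0)[0] in (0xA1B2C3D4, 0xA1B23C4D):
            return struct.unpack_from(order + "I", data, 20)[0] & 0xFFFF
    # pcapng: Section Header Block first, then walk the blocks until the
    # first Interface Description Block (type 1), which holds the link type.
    if data[:4] != b"\x0a\x0d\x0d\x0a":
        raise ValueError("not a pcap or pcapng file")
    order = "<" if struct.unpack_from("<I", data, 8)[0] == 0x1A2B3C4D else ">"
    if struct.unpack_from(order + "I", data, 8)[0] != 0x1A2B3C4D:
        raise ValueError("bad pcapng byte-order magic")
    off = 0
    while off + 12 <= len(data):
        block_type, block_len = struct.unpack_from(order + "II", data, off)
        if block_len < 12 or block_len % 4:
            raise ValueError("corrupt pcapng block length")
        if block_type == 1:
            return struct.unpack_from(order + "H", data, off + 8)[0]
        off += block_len
    raise ValueError("no interface description block found")

def describe(data: bytes) -> str:
    lt = link_type(data)
    if lt == ETHERNET:
        return "Ethernet headers: not captured in monitor mode"
    if lt in MONITOR_TYPES:
        return "monitor mode capture (" + MONITOR_TYPES[lt] + ")"
    return "link type %d: neither Ethernet nor 802.11" % lt

# Constructed sample headers (no packets), for demonstration only.
SAMPLE_PCAP_ETHERNET = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAP_RADIOTAP_BE = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
SAMPLE_PCAPNG_RADIOTAP = (
    struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)
    + struct.pack("<IIHHII", 1, 20, 127, 0, 65535, 20))

if __name__ == "__main__":
    for sample in (SAMPLE_PCAP_ETHERNET, SAMPLE_PCAP_RADIOTAP_BE, SAMPLE_PCAPNG_RADIOTAP):
        print(describe(sample))
```

To check a real capture, pass the file's bytes, for example `describe(open("capture.pcapng", "rb").read())`, where the file name is a placeholder.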