Hi, I have a problem capturing packets on my Wi-Fi device. I have 2 computers - the first one is an access point and it sends a signal to the second computer. The signal is protected with a WPA-PSK password. Wireshark is installed on the first computer, on which I want to see packets from the second computer. But I don't see them and I don't know why. A step by step description of what I did:
After I click "Start", Wireshark receives packets only for Local Area Connection. There are 0 packets coming for my Wi-Fi device and I don't know why. I can choose to see Local Area Connection traffic, but it only shows traffic on my computer and I don't want that. Btw, the icon of my Wireless Network Connection in Wireshark is the same as that of Local Area Connection (I think it should have an icon of an antenna)...

Additional info:
ip config (copy/paste):

    Windows IP Configuration

    Wireless LAN adapter Wireless Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix . :
       Link-local IPv6 Address . . . . . : fe80::20df:7d9e:ed40:91ae%11
       IPv4 Address. . . . . . . . . . . : 192.168.1.100
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1

    Tunnel adapter isatap.{8353D0C0-BDC2-407A-B67D-1C43CE182F41}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Tunnel adapter Local Area Connection* 9:

       Connection-specific DNS Suffix . :
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1811:6551:43fd:f38e
       Link-local IPv6 Address . . . . . : fe80::1811:6551:43fd:f38e%13
       Default Gateway . . . . . . . . . : ::

    Tunnel adapter isatap.{170C612B-CC07-4916-9E68-82EFDB3ED1EA}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

asked 31 Oct '13, 13:51 myrddin
One Answer:
Wi-Fi capturing doesn't work well on Windows with WinPcap, and Wireshark uses WinPcap to do capturing. You'd need an AirPcap card or need to run Linux or *BSD.

answered 31 Oct '13, 17:40 Guy Harris ♦♦
Are you sure it is because of Windows? Because there is a version of Wireshark specifically designed to work under Windows, and if it didn't work, why would they put it on their website? But hey, what do I know...
Did you look at the link posted by Guy? It explains all the issues.
I guess one of those guys who put it on 'their' website is @Guy Harris ;-))
Oh OK, I guess he knows his stuff then :)
So, Linux, we meet again.