This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture filter for WLAN

0

I am doing analysis of WiFi traffic between my device and the AP. I let wireshark run overnight, but my disk fills up and wireshark crashes. I was hoping someone could tell me how to build a filter that filters the capture for any traffic to/from a particular MAC?

Thanks Anon

asked 31 Jan '14, 18:45

YIleKu's gravatar image

YIleKu
11112
accept rate: 0%

One Answer:

0

You can use a capture filter to capture data frames to/from a mac address:
Example:
wlan host 04:1e:64:ea:c3:ef and type data

You can find more examples in my article Wireshark: Wireless Display and Capture Filters Samples part 2

answered 01 Feb '14, 00:04

joke's gravatar image

joke
1.3k4934
accept rate: 9%

thank you. I want to capture all frames management and data to and from my host. Actually my host has two mac addresses. M

(01 Feb '14, 08:49) YIleKu

It looks like this filter captures traffic that has a source address of the mac listed. Is there a way to capture any traffic to or from this host? thank

(09 Feb '14, 11:51) YIleKu