This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm trying to test Wireshark's / my computer's ability to capture WiFi packets to and from other computers on the same WiFi network.

When I capture in promiscuous non-monitor mode, I get full TCP/IP stack data, including HTTP data. However, I only see data from my computer. So I try promiscuous + monitor mode + network decryption key. When I do this, I see tons of broadcast 802.11 protocol records, but no HTTP, ICMP, or DHCP packets.

I'm not interested in seeing radio headers, just high level TCP/IP data pertaining to other computers on the network.

Am I doing something wrong?

System:

  • Wireshark 1.10.7
  • Mac OS X 10.9.2 Mavericks
  • 13" mid-2013 MacBook Air, Intel Haswell Core i7

asked 23 Apr '14, 00:11

mcandre's gravatar image

mcandre
56114
accept rate: 0%

I have the same issue, did you ever get this working?

(24 Jul '14, 15:30) nibeck

No, I never did :( I would have most definitely posted the solution if I found one, I hate when people post 'fixed it' without saying how.

(24 Jul '14, 19:58) mcandre

Do you see non-broadcast 802.11 packets? (Check the destination MAC address.)

(11 Sep '14, 14:11) Guy Harris ♦♦
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×86
×53
×43

question asked: 23 Apr '14, 00:11

question was seen: 2,188 times

last updated: 11 Sep '14, 14:11

p​o​w​e​r​e​d by O​S​Q​A