I am trying to open a .cap file using Wireshark. I am facing problems with respect to the source and destination IP addresses. I obtained this .cap file by capturing network traffic using Microsoft Network Monitor. The .cap file when opened in Network Monitor displays the corresponding IP addresses. How to I obtain the same in Wireshark?
asked 04 Apr '11, 10:41  Bruce |
2 Answers:
To see IP addresses, Wireshark has to see IP traffic. It's saying "IEEE 802.11", which means Wireshark is seeing the 802.11 headers, but it's not seeing anything past that, such as IP headers. Is that traffic encrypted (WEP, WPA, WPA2)? If so, to see IP traffic, Wireshark needs to be able to decrypt the traffic, so you'd have to tell it the password for the network; see the How To Decrypt 802.11 page in the Wireshark Wiki. answered 05 Apr '11, 14:06  Guy Harris ♦♦ |
That depends on name resolution settings, see here. answered 04 Apr '11, 22:32  Jaap ♦ @Jaap: How do I enable ARP name resolution. I can't see it in preferences. Or did ARP name resolution fail in my case? (05 Apr '11, 05:56) Bruce |
@Guy: Yes the traffic is encrypted. Also I should have mentioned this in the question but I connect to The Internet via a wireless AP.