Hi, I want to use wireshark to sniff all the packages that are sent and received in my local network. The machine running wireshark is wired and all the other devices on the network use Wifi. Every article that I read says you need to place your network adapter in monitor mode to capture traffic not meant for me, but monitor mode only applies to wireless network adapters. So how does it work when I want to capture wireless traffik to and from the router when I am connected with a cable? Thanks asked 09 Jul '14, 08:05  Rajiv |
One Answer:
Does your setup look like this? If yes, then you cannot capture data of the wireless clients, as the packets will never be sent to the ethernet port of your Wireshark PC, unless they are talking to your IP address or if it is broadcast/multicast traffic. The reason is: There is an internal switch in your wireless router that works like a real switch. See the Wiki for an explanation If you need to see wireless traffic, you really need to capture the wireless traffic, which is done by enabling monitor mode of the wifi adapter. Please read the Wiki Please be aware, that monitor mode on Windows does not work with Wireshark/WinPcap alone, as you'll need special hardware (AirPcap - search this site for it). Alternatively you can run Linux on your Wireshark PC, where it's usually much easier to enable monitor mode (see the Wiki). Regards answered 09 Jul '14, 08:14  Kurt Knochner ♦ |
Or run another sniffer on Windows that supports monitor mode; if you want to read those captures in Wireshark, that might still be possible (Wireshark can read captures from Microsoft Network Monitor, for example).