I am using an older USB AirPcap dongle to sniff WiFi signals. In Wireshark I can capture Source and Destination MAC IDs, but when I edit the column to capture/display IP source or destination port, the capture continues but the column I edited is blank. I want to be able to filter and search for IP addresses.

asked 31 Jan '16, 15:54 Miguel1234

3 Answers:
The MAC address is used by both the 802.11 and Ethernet protocols. From your screenshots it is clear that you can see the MAC addresses at 802.11 level. If the WLAN you capture uses encryption, then everything in the frames above the 802.11 level is encrypted, i.e. including the IP addresses. So if it does use encryption, search through this site for "wireless decryption", "802.11 decryption", "WPA decryption", "EAPOL" etc. to find out what you have to do to get access to the payload. And specifically for your case, as you use multi-SSID mode, you have to tell Wireshark the SSID and passphrase for all SSIDs whose traffic you wish to decrypt.

answered 31 Jan '16, 23:00 sindy

Hi Miguel, I think your problem lies in the router. The fact that you can't see IP addresses in your Wireshark capture, but can see MAC addresses, tells me that (1) your switch is working but (2) your router isn't. Make sure you are connected to the internet, and then try the Wireshark capture again.

answered 31 Jan '16, 16:29 DanielChen

(31 Jan '16, 17:30) Miguel1234

Hi Miguel, if you look and see the text above the pictures you took, I think you'll see the words "Wireless controls are not supported in this version of Wireshark." Is it possible that you could update to a newer version of Wireshark that would still allow you to use AirPCAP while also letting you see internet traffic? (31 Jan '16, 17:39) DanielChen

That is why I made sure I included that text in my response. I wasn't sure if that was the problem. I just downloaded Wireshark today but will look again. thx. (31 Jan '16, 17:46) Miguel1234

The packets in the screenshot are 802.11 management frames; those are not IP packets and do not have IP addresses.

answered 01 Feb '16, 02:52 Guy Harris ♦♦

Just wanted to thank you for the response. I checked the EAPOL section you recommended and realized I was missing the initial packets when connecting to the network. That solved the problem. Thanks!
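
An added example, not code from any poster or from Wireshark: a Python sketch that classifies raw 802.11 frames to show why the IP columns stay blank (management frames, protected data frames) and which of the four EAPOL handshake messages a capture is missing. The function names and the sample frames are constructed for illustration; it assumes the capture header (radiotap/PPI) and FCS are already stripped and that the network uses the WPA2 (RSN) key-info convention.

```python
import struct

LLC_SNAP = bytes.fromhex("aaaa03000000")
TYPES = {0: "management", 1: "control", 2: "data"}

def classify(frame: bytes) -> dict:
    """Classify one raw 802.11 frame (radiotap/PPI header and FCS already stripped)."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    info = {"type": TYPES.get(ftype, "extension"), "protected": bool(fc1 & 0x40),
            "ip_visible": False, "eapol_msg": None}
    # Only unprotected data frames with a body expose IP; subtype bit 0x4 = Null (no data).
    if ftype != 2 or subtype & 0x4 or info["protected"]:
        return info
    # 24-byte header, +6 for a 4-address frame, +2 for QoS (HT Control is not handled).
    hdr = 24 + (6 if fc1 & 0x03 == 0x03 else 0) + (2 if subtype & 0x8 else 0)
    body = frame[hdr:]
    if len(body) < 8 or body[:6] != LLC_SNAP:
        return info
    ethertype = struct.unpack(">H", body[6:8])[0]
    info["ip_visible"] = ethertype in (0x0800, 0x86DD)   # IPv4 / IPv6
    if ethertype == 0x888E and len(body) >= 15 and body[9] == 3:   # EAPOL-Key
        ki = struct.unpack(">H", body[13:15])[0]
        ack, mic, secure = ki & 0x0080, ki & 0x0100, ki & 0x0200
        # Assumption: WPA2 (RSN) key-info convention, where message 4 sets Secure.
        if ack:
            info["eapol_msg"] = 3 if mic else 1
        elif mic:
            info["eapol_msg"] = 4 if secure else 2
    return info

def missing_handshake(frames) -> list:
    """Return which of the four handshake messages are absent from the capture."""
    seen = {classify(f)["eapol_msg"] for f in frames}
    return [n for n in (1, 2, 3, 4) if n not in seen]

# Constructed sample frames (zeroed duration, addresses and sequence control).
def _frame(fc0, fc1, body=b""):
    return bytes([fc0, fc1]) + bytes(22) + body

def _eapol(key_info):
    return _frame(0x08, 0x02, LLC_SNAP + b"\x88\x8e\x02\x03\x00\x5f\x02"
                  + struct.pack(">H", key_info))

BEACON = _frame(0x80, 0x00)
ENCRYPTED = _frame(0x08, 0x42, bytes(32))                 # data, FromDS, Protected
OPEN_IPV4 = _frame(0x08, 0x01, LLC_SNAP + b"\x08\x00" + bytes(20))
HANDSHAKE = [_eapol(k) for k in (0x008A, 0x010A, 0x13CA, 0x030A)]
LATE_CAPTURE = [BEACON, ENCRYPTED] + HANDSHAKE[2:]        # joined after messages 1-2
```

`missing_handshake(LATE_CAPTURE)` reports messages 1 and 2 as absent, the situation described in the last comment, where the capture started after the client had begun connecting.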