This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm running Wireshark 1.2.4 on Windows 7 and I have WinPcap 4.1.1 installed. In Wireshark only the following three interfaces are listed: "Microsoft" "NDIS-WDM Driver for HighSpeed USB-Ethernet Adapter" "Realtek RTL8102/8103 Family PCI-E FE NIC"

It doesn't list the wireless card inside my Dell laptop, the wireless card which is listed in Control Panel as "Dell Wireless 1520 Wireless-N WLAN Mini-Card" (and through which I am currently connected).

Now, I'm able to select "Microsoft" as the interface I want to capture, and it will display packets sent and received. However, my problem is that I want to test a program called Psiphon (Psiphon.ca) which automatically establishes a VPN or SSH connection to a remote IP address. I want to use Wireshark to determine what IP address it's connecting to. However, if I capture the "Microsoft" interface while I'm connected through that VPN, and I load a site like www.peacefire.org, Wireshark captures packets showing their destination as 69.72.177.140 (the IP of www.peacefire.org), even though that's NOT where the packets are actually being sent to from my machine. The packets are being sent to whatever VPN server I'm connected through.

I assume this is because when the "Microsoft" interface is selected, Wireshark captures traffic at the high level that the Internet Explorer API thinks it's sending traffic to, not at the low level of the IP address that my wireless card thinks it's sending traffic to.

So, any idea why my wireless card isn't listed and how to capture traffic at the low level that I want, to see what IP address the VPN software is connecting to?

asked 17 Feb '12, 07:02

bennetthaselton's gravatar image

bennetthaselton
1111
accept rate: 0%


Windows is a bit difficult wrt capturing on wireless interfaces. See the WLAN capture page on the Wiki for more info.

Edit:

I did a little more checking on my Dell Laptop, the "Microsoft" interface is probably the MS ISATAP pseudo interface for IPv6 tunnelling. My wireless card (a 6205) does show up, a colleagues 1501 doesn't. I'm guessing it's a driver/NDIS issue.

The only other option I have to offer is to try Network Monitor from MS.

permanent link

answered 17 Feb '12, 07:06

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

edited 17 Feb '12, 07:51

also try the version of WinPCAP (4.1.2) and the new version of Wiresharl (1.6.5)

permanent link

answered 17 Feb '12, 09:02

dixglata's gravatar image

dixglata
1
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×139

question asked: 17 Feb '12, 07:02

question was seen: 6,117 times

last updated: 17 Feb '12, 09:02

p​o​w​e​r​e​d by O​S​Q​A