Using Wireshark

June 17, 2009 at 20:54:43
Specs: Windows XP
I am trying to use Wireshark to capture packets over wireless. The problem is, every time I sniff in promiscuous mode, no packets are captured.

I also tried to sniff without promiscuous mode, but it only captured packets going in and out of my laptop.

How can I sniff traffic for the whole network over wireless? Do I have to configure something?

I am using:
- Windows XP
- Portable Wireshark Version 1.0.8
- Network interface: Intel(R) PRO/Wireless 2200BG Network Connection

Please help me. Thanks.




#1
June 18, 2009 at 07:53:08
Putting a NIC in promiscuous mode on Windows systems doesn't always work. Wireshark is built into Backtrack, which is a Linux-based penetration tool & OS.

Download Backtrack 3, burn it to a CD as an ISO. Boot the machine with the CD, open a shell, run ifconfig -a
The name of the NIC should be eth0 or something like that.
Run ifconfig eth0 up

Then type wireshark & press enter. That will start the program. The rest you know.

How do you know when a politician is lying? His mouth is moving.



#2
June 18, 2009 at 11:51:54
Wireshark FAQ:

Q 8.7: I'm trying to capture 802.11 traffic on Windows; why am I not seeing any packets?

A: At least some 802.11 card drivers on Windows appear not to see any packets if they're running in promiscuous mode. Try turning promiscuous mode off; you'll only be able to see packets sent by and received by your machine, not third-party traffic, and it'll look like Ethernet traffic and won't include any management or control frames, but that's a limitation of the card drivers.

See MicroLogix's list of cards supported with WinPcap for information on support of various adapters and drivers with WinPcap.



#3
June 18, 2009 at 16:49:59
The original poster said he wanted to capture the entire network. Question 8.7 refers to capturing packets to & from one machine.

WinPcap is not a free solution. Backtrack is.

How do you know when a politician is lying? His mouth is moving.



#4
June 18, 2009 at 17:11:49
Question 8.7 addresses capturing packets in promiscuous mode which:

http://en.wikipedia.org/wiki/Promis...

In computing, promiscuous mode or promisc mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it.

Your contradiction is therefore incorrect.

Furthermore:

http://www.wireshark.org/docs/wsug_...

2.8.1. Install Wireshark
You may acquire a binary installer of Wireshark named something like: wireshark-setup-x.y.z.exe. The Wireshark installer includes WinPcap, so you don't need to download and install two separate packages.


So you see WinPcap IS FREE.




#5
June 18, 2009 at 17:22:41
The NICs that work with WinPcap are not free unless you already own one.

How do you know when a politician is lying? His mouth is moving.



#6
June 18, 2009 at 17:25:14
The NICs that work with Backtrack are not free unless you already own one.

So what's your point?



#7
June 18, 2009 at 18:13:41
My point is that backtrack will do what the original poster wants to do. All he has to do is download it & burn it to a CD. What can be easier than that?

If I run wireshark in backtrack through my wireless NIC, it captures packets from all networks in range.

How do you know when a politician is lying? His mouth is moving.



#8
June 18, 2009 at 18:57:58
You can do the same with WinPcap and it downloads already with Wireshark...no need to download and burn a CD. That would be easier.

WinPcap will also capture packets on all networks in range.

So far you've been wrong on EVERY point.

It's obvious you have some sort of undying loyalty to backtrack but you're doing the poster a disservice by providing wrong information.

Don't know if you don't know better, or - if like your quotes - you're a politician but you really need to check your facts before responding to post.

Only thing worse than no information is bad information.



#9
June 18, 2009 at 19:09:22
My information about backtrack was not wrong. I didn't have any luck with winpcap. At that time, someone was trying to sell some hardware with it, which is why I said it wasn't free. Maybe it's changed since then. I don't know & I don't care.

Why don't we let the original poster decide what he likes better? Let him choose.

How do you know when a politician is lying? His mouth is moving.



#10
June 18, 2009 at 20:44:06
If you weren't certain on the information on WinPcap (which you had ALL wrong) then you shouldn't make comments about it, don't you think?

It may not matter to you, but it would matter to people looking for "credible" answers to this poster's question.

Why don't we let the original poster have all the "correct" facts, so he (or she) can make a better informed decision?



#11
June 19, 2009 at 03:51:28
That was the condition of winpcap at the time I tried it. Backtrack is an excellent solution for his situation. Just because it doesn't run on Windows doesn't mean that it's no good. Do you use any other OS besides Windows?

How do you know when a politician is lying? His mouth is moving.



#12
June 19, 2009 at 09:49:55
I have never used any other OS besides Windows. So does that mean I can't use Backtrack? Actually, I already installed WinPcap on my laptop, but Wireshark still can't capture any packets in promiscuous mode.

I need to run Wireshark in promiscuous mode over wireless, so please help me. Thanks to both of you.



#13
June 19, 2009 at 14:05:51
As I said promiscuous mode can be a problem in Windows. Linux drivers seem to work better for that. However, it takes some command line knowledge to use it.

If dknowledge can help you configure it in windows, that would be fine. Let him help you there & if it doesn't work, follow the instructions I posted for backtrack.

How do you know when a politician is lying? His mouth is moving.



#14
June 20, 2009 at 06:05:18
Here's the thing... Wireshark themselves promote WinPcap so you can use promiscuous mode in Windows, else they wouldn't be packaging it in automatically with their software, which they've done for the past several years. Never heard of them packaging it with backtrack.

Some people like guapo don't have the skill sets to know how to work the equipment so they give up and try something else, and blame it on the software rather than themselves.

This post thread is infected with bad information from guapo. Let's leave the how to make it work using backtrack with guapo information here.

Post a fresh thread entitled wireshark in windows, or something to that effect, and I'll help you out with good intel on how to make it work in Windows.



#15
June 20, 2009 at 19:20:52
dknowledge, why should he start a new thread? He seems to prefer to use wireshark in windows & you say that you know how he can do it. Why don't you explain it to him NOW instead of knocking my skills? Don't jump ship now. Your big chance is here.

How do you know when a politician is lying? His mouth is moving.

