1
I am using Wireshark for 802.11g sniffing. The AP is not using any encryption. These are my observations:
- The vast majority packets are beacons and the probe requests.
- If I filter out beacons using the filter
!(wlan.fc.type_subtype==0x08), I can see some ARP, ICMPv6, IGMPv3 and DHCP packets. These packets mostly came when a fresh connection is made from a station to an AP. - When I do Ping or telnet, I cannot see any Data packets, even when the Ping/telnet operations are clearly going on and successful.
- Basically, Only broadcast packets get displayed. (One exception is some packets are shown with Destination Address being Cisco_00:00:00/01:0b:85:00:00:00).
Does anybody know what went wrong?
My Wireshark version is 1.8.2. I am using a Ubuntu 12.10 and a USB wireless adaptor Belkin F5D7050. I have put the WLAN interface to monitor mode with airmon-ng start wlan1.
(Update: It looks like a driver or hardware issue. There are some similar discussions like here.)
Penghe Geng
Posted 2013-04-29T19:22:07.287
Reputation: 206
Did you run Wireshark on
wlan1ormon0? Only the latter is a monitor interface. – user1686 – 2013-04-29T19:34:48.123It's
mon0. wlan1 is not even shown in the Wireshark Capture Interfaces dialog. – Penghe Geng – 2013-04-29T19:40:00.893