wireshark not capturing

[Paul_o]

been trying to get wireshark running on my laptop but having trouble getting it to capture on my wireless card. its a cisco aironet cb21ag-e-k9 card. it shows up ok in the interfaces but when you select it it does not capture packets. i have managed to get it working once so i know it does work but since then have not had any success. i have re-installed winPcap and wireshark the card does work ok so the driver are working, not sure what to try next?

[onoski]

Is there a chance you've a desktop PC you can try it on to make sure its not the laptop? You might also want to check ip filtering is not turned on too.

[ffreeloader]

I'm not too sure that wireshark will capture packets from a wireless card, and especially on Windows. I've never been able to get it to do that. There are so many differences between 802.11 and Ethernet that it's almost impossible to do.

Get something like kismet or netstumbler. They are designed specifically for wireless purposes.

[zebulebu]

The problem with capturing wirelessly in Windows lies in the fact that the drivers used by most WLAN adapters in Windows don't support monitor mode, or don't deal properly with 802.11 headers. If you've got it working in the past, I'd suggest that you disable promiscuous mode and see if that works. Of course, even if it does it won't be much use to you unless you're only interested in capturing traffic between your host and an AP.

I'd be surprised if you have got it to work promiscuously in the past - as far as I'm aware, the vast majority of driver adapters, including all forms of Aironet cards, don't support monitor mode. Like I said, try turning promiscuous mode off and see if that helps.

TBH, you really shouldn't bother fannying about with Windows for wireless sniffing, enumeration or hacking - use BackTrack instead. Its a free live Linux distro that boots off CD so you don't have to do anything to your Windows OS and everything works perfectly with most cards (its what BackTrack was designed for!)

[Paul_o]

Thanks Zeb, yes it works fine in non promiscuous mode. i had backtrack installed as a dual boot but when i installed a new hdd on the laptop i didn't create a linux partition hence trying to get wireshark on windows working. looks like i'll have to move a partition and re-install backtrack. i have run it from the live cd before but prefer to have a proper install. that's today's job sorted.

[r.h.lee]

Quote:

Originally Posted by Paul_o

been trying to get wireshark running on my laptop but having trouble getting it to capture on my wireless card. its a cisco aironet cb21ag-e-k9 card. it shows up ok in the interfaces but when you select it it does not capture packets. i have managed to get it working once so i know it does work but since then have not had any success. i have re-installed winPcap and wireshark the card does work ok so the driver are working, not sure what to try next?

Paul_o,

What kind of wireless network are you connected to? Ad hoc? Infrastructure?

[zebulebu]

Quote:

Originally Posted by Paul_o

Thanks Zeb, yes it works fine in non promiscuous mode. i had backtrack installed as a dual boot but when i installed a new hdd on the laptop i didn't create a linux partition hence trying to get wireshark on windows working. looks like i'll have to move a partition and re-install backtrack. i have run it from the live cd before but prefer to have a proper install. that's today's job sorted.

Paul - in case you get stuck, there's an excellent video tutorial here detailing how to set up a good, solid dual boot system with Windows & Backtrack