Hi, I have broadcom 4313 wirless adapter, I used wireshark but I can only see my packets how I can see pacekts of other pc's on my lan, I have windows 7 64bit. asked 21 Aug '12, 12:51  mkarmi |
2 Answers:
By either running something other than Windows, by running something other than Wireshark, or by buying an AirPcap USB adapter. On a Wi-Fi network, you'd have to run in monitor mode to see traffic to or from other machines on the network. On Windows, Wireshark uses WinPcap, which doesn't support the Windows feature (Native Wi-Fi) required to run in monitor mode. Microsoft Network Monitor does support Native Wi-Fi and thus can support monitor mode if the driver for your network adapter supports it - which, unfortunately, many don't, and others do but not correctly, so that's not a guarantee. (I don't know whether the Windows driver for the Broadcom 4313 supports monitor mode correctly.) There are also programs that cost money that can capture in monitor mode on at least some types of network adapters (at least some of them supply their own drivers for the network adapters, so they only work with some network adapters). Some of those programs include:
The AirPcap adapters don't go through the normal Wi-Fi networking stack on Windows (they only act as capture devices; they don't work as regular Wi-Fi adapters), and WinPcap includes support for them, so they can be used to capture other machines' traffic on Windows using Wireshark. On, for example, Linux, Wireshark uses libpcap, which uses mechanisms that support monitor mode. answered 22 Aug '12, 01:10  Guy Harris ♦♦ edited 22 Aug '12, 14:51 |
Check this link answered 24 Aug '12, 12:36  Harsha That helps if you want to capture USB traffic, but that won't help for Wi-Fi traffic between other machines on your network. (24 Aug '12, 13:55) Guy Harris ♦♦ additionally, you assume Linux, whereas the OP mentioned 'windows 7 64bit' !?! (24 Aug '12, 14:10) Kurt Knochner ♦ |
Thank you, but I want to ask if I downloaded wireshark in linux can I capture in monitor mode? and how can I download libcap on it?
Yes. See this part of the Wireshark Wiki for information on how to turn monitor mode on.
Most Linux distributions have both command-line and GUI tools for installing packaged software for the distribution. If you were to install Wireshark through one of those tools, the tool would also install libpcap, as Wireshark on UN*X depends on libpcap.
I downloaded wireshark in linux, first I got no intreface I solved that by typping in the terminal "sudo wireshark" but I got this message Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled" and capture monitor mode is grey in eth0, so that means my wirlesscard not supported?
The Lua message may mean "I'm running as root, so I'm afraid of running random bits of possibly-untrustworthy Lua code, so I'm not going to do it'. You should probably be afraid of running over 2 million lines of C code as root, too. See the sections on Debian/Ubuntu/etc., and on other Linux distributions, in the Capture Privileges page in the Wireshark Wiki.
On many Linux distributions, libpcap isn't built with libnl, causing its APIs for turning monitor mode on not to work. Those APIs are what Wireshark uses, so, on those distributions, Wireshark will (correctly) think it can't turn monitor mode on.
See the Linux section of the CaptureSetup/WLAN page of the Wireshark Wiki for information on an alternative way to capture in monitor mode, using the
airmon-ngscript.