I am trying to open a .cap file using Wireshark. I am facing problems with respect to the source and destination IP addresses. I obtained this .cap file by capturing network traffic using Microsoft Network Monitor. The .cap file when opened in Network Monitor displays the corresponding IP addresses. How to I obtain the same in Wireshark?

alt text

asked 04 Apr '11, 10:41

Bruce's gravatar image

Bruce
11447
accept rate: 0%


To see IP addresses, Wireshark has to see IP traffic. It's saying "IEEE 802.11", which means Wireshark is seeing the 802.11 headers, but it's not seeing anything past that, such as IP headers.

Is that traffic encrypted (WEP, WPA, WPA2)? If so, to see IP traffic, Wireshark needs to be able to decrypt the traffic, so you'd have to tell it the password for the network; see the How To Decrypt 802.11 page in the Wireshark Wiki.

link

answered 05 Apr '11, 14:06

Guy%20Harris's gravatar image

Guy Harris ♦♦
11.6k227146
accept rate: 18%

@Guy: Yes the traffic is encrypted. Also I should have mentioned this in the question but I connect to The Internet via a wireless AP.

(07 Apr '11, 23:32) Bruce

That depends on name resolution settings, see here.

link

answered 04 Apr '11, 22:32

Jaap's gravatar image

Jaap ♦
6.5k974
accept rate: 12%

@Jaap: How do I enable ARP name resolution. I can't see it in preferences. Or did ARP name resolution fail in my case?

(05 Apr '11, 05:56) Bruce
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×91

Asked: 04 Apr '11, 10:41

Seen: 3,719 times

Last updated: 07 Apr '11, 23:32

powered by OSQA