Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I first just downloaded Wireshark on my MacBook Pro with IOS Sierra and it only showed 802.1.1 interactions and all the protocols are 802.1.1.

Presumably you mean "802.11", not "802.1.1" - there's no 802.1.1 protocol.

That's because you're capturing in monitor mode, and you're on a "protected" network using encryption, so the packets that Wireshark gets are encrypted. You'd have to tell Wireshark the password for your network to decrypt the packets, and, if the network uses WPA/WPA2 rather than WEP (which it probably does), you'd have to make sure you capture the initial "EAPOL handshake" for each machine on the network whose traffic you want to see. See the Wireshark Wiki's "How to decrypt 802.11" page for more information.

Alternatively, if you only want the traffic between your Mac and other machines, you could capture with monitor mode turned off; the traffic will not be encrypted at the LAN layer, but you won't see any other machines on the network unless they're sending your Mac packets or receiving packets from your Mac.

The other thing to not that even though I want to sniff my wireless network, the only capture options with visible traffic are "eth0" and "any".

Your virtual machine probably has no wireless adapters; it has only an "Ethernet adapter" which allows it to send packets to, and receive packets from, the host machine on which the VM software is running. If you want to capture wireless traffic on the virtual machine, you'll probably need to get a USB wireless adapter, plug it into your Mac, and have the virtual machine software give the adapter to the virtual machine rather than to the Mac.

That's why you're not seeing your Mac's traffic on the Internet from the virtual machine - the only machine whose Internet traffic you'll see is the virtual machine itself.