No packets in Wireshark

asked 2019-12-16 20:26:14 +0000

dreamdelerium gravatar image

updated 2019-12-17 10:33:51 +0000

grahamb gravatar image

Hello,

I am new to using Wireshark and had some questions. As some background, I have purchased a USB wireless adapter, which supports Monitor mode (Alfa AWUS036NH). I am using Windows 10. I have installed the drivers, disabled the computers onboard wifi and ethernet adapters, and plugged in the USB adapter. When I run Wireshark, not in Monitor Mode, I can see traffic. But, when I enable Monitor Mode, in Wireshark Capture Options, there is no traffic. I have no filters on Wireshark. I am connected to the 2G wifi network (which is my network, so I know the password). Am I missing something? As a side note, I have also tried setting this up on Kali (using Virtual Box) but it was real flaky. It would take 10 or minutes for the wifi to even connect, then when I ran Wireshark, in Monitor Mode, the app would freeze. Any suggestions to get this working would be great!

Thanks

Version 3.0.7 (v3.0.7-0-g9435717b91f5)

Running on 64-bit Windows 10 (1903), build 18362, with Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (with SSE4.2), with 16253 MB of physical memory, with locale English_United States.1252, with Npcap version 0.9983, based on libpcap version 1.9.1-PRE-GIT, with GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary plugins supported (14 loaded). Built using Microsoft Visual Studio 2017 (VC++ 14.16, build 27034).
edit retag flag offensive close merge delete

Comments

Can you paste the information from "wireshark -v" or Help->About Wireshark.

bubbasnmp gravatar imagebubbasnmp ( 2019-12-16 22:32:16 +0000 )edit

Hello and thanks for your help. I have tried to add all the requested details, but this site will not allow me to add all the details (maybe there is a limit to length of additional content? When I try to add more than what I have above, I get an error). I have also tried to add the rest to the comments, but it does not seem to save here either. Let me know if what i provided is enough, or if you would also like to see the details of the installation?

dreamdelerium gravatar imagedreamdelerium ( 2019-12-16 23:25:47 +0000 )edit

A short reading list:
https://ask.wireshark.org/question/11...

Which points to here:
https://wiki.wireshark.org/CaptureSet...

You might want to upgrade npcap. Nothing in the release notes specific to WiFi but may as well be current:
https://nmap.org/npcap/
Version 0.9986 is out today.

The npcap docs on Windows Monitor mode:
https://nmap.org/npcap/guide/npcap-us...

And finally a post by @Jasper from earlier this year:
https://blog.packet-foo.com/2019/04/w...

bubbasnmp gravatar imagebubbasnmp ( 2019-12-17 19:06:06 +0000 )edit

My experience with monitor mode on Windows with npcap is that it is effectively useless; of the 15 or so adapters tested, only one actually brought in traffic and even then I could not change the channel (stuck at channel 1). Others may have better luck than me, though even at Sharkfest this past year it was discussed that this functionality is not ready for any real use.

So for me, problem number 1 is trying to use Windows. I have also had very limited success having monitor mode work through VMs - whether virtualbox or VMWare workstation. It's a slightly higher success rate than npcap, but not near reliable enough to be useful so this is problem 2 - trying to pass the USB through a VM. Changing different settings in the VM (USB2 or 3 support, for instance) sometimes helped, as did a powered external hub (these correlated to ...(more)

Bob Jones gravatar imageBob Jones ( 2019-12-17 20:11:09 +0000 )edit

Thanks everyone. I will try to upgrade NCAP but it looks like the real issue is Windows. As using a VM wont help, I will try setting up a dual boot and see how that works. Thanks!

dreamdelerium gravatar imagedreamdelerium ( 2019-12-18 16:53:01 +0000 )edit