Can I capture WIFI Direct P2p packets?
I have an Android Samsung Galaxy Tab3 sending WiFi Direct tcp packets to a TI microprocessor. This is working fine but I never get reply packets from the micro. I would like to use WireShark to see if anything is coming back. I have Wire Shark 2.4.5 running on my laptop but I don't see any P2p traffic?? All I can see is the WIFI router traffic.
What laptop do you have, and what capturing mode do you use? In wireless networks, in order to see other than the capturing machine's own traffic, you have to capture in monitoring mode, not only promiscuous one, and some wireless NICs or their drivers for particular operating systems do not support it at all.
You should be fine with Mac, with all the rest is is a matter of luck.
HP ZBook G17 bought new a few months ago. Intel dual Band Wireless-N 7260 I have a Riverbed AirPCap 802.11 on order.
And what OS? Presumably Windows as you're buying an AirPCap? I thought Riverbed had discontinued the AirPCap?
Windows7 PRO. I found Riverbed AirPCap on Ebay for $300. I found Promiscuous mode in Capture -> Options and Edit -> Preferences -> Capture but never found a way to select Monitor mode??
A major reason for AirPcap was that normal WiFi hardware and driver issues on Windows made promiscuous mode impossible. Hopefully you'll have more success with the AirPcap.
You could also try to boot into Linux, e.g. a Kali live CD, and see if that's any better.
I can dual boot the HP ZBook to Ubuntu 16.04 but don't see a Wire Shark download for that??
look for wireshark-qt. 16.04 only has the older 2.2.6. You can also use the wireshark ppa to get an up to date version.
I have "AirPcap USB wireless capture adapter nr.00" installed on Windows XP machine but I still do not see WiFi Direct P2P packets between my Android tablet and my TI microprocessor. I selected the AirPcap in the interfaces dialog. I can set Promiscuous mode (actually its the default) in "Wireshark Capture Options" but have seen no place to set the Monitor mode. I must be in Monitor mode as I see many broadcast packets from a wireless HP Laserjet printer as well as other devices. I have looked at that "AirPcap Control Panel" also.
That device only does monitor mode, so the default usually works. Typically, promiscuous option does not actually do anything with wireless adapters as the driver decides what to do when in monitor mode.
Are you on the correct channel? AirPcap devices are pretty limited in their capability, so if you are trying to communicate outside the performance envelope you will have difficulty.
At least someone was able to collect this type of traffic:
https://osqa-ask.wireshark.org/questi...
You now state you have the AirPcap on an XP machine, originally you said Win 7, which is it? Note that the last version of Wireshark to be officially supported on XP was the (very old) 1.10.
thank for you response and your help. I just rec'd an email asking me what machine I have the AirPCap USB running on. As it will only run on an XP, I was able to find a working XP machine to use with the AirPcap USB device. I installed the version of WireShark that AirPCap provided on the accompanying CD (version 0.99.6a). According to the documentation I have on the TI CC3200 WiFi board and the WiFiDirect demo running on the Android, I am using Channel 6. I have the AirPcap set to 2437 MHz BG6 in the Wireless bar. I have not checked he surrounding channels per you earlier suggestion but will here shortly. Again, I am very grateful for your help.