Ask Your Question
0

Wireshark 4.0.0 macOS GUI seems not to allow me capture IP payload

asked 2022-10-18 14:40:38 +0000

hisaotsu gravatar image

I would like to verify if I am the only one having the issue collecting the "IP layer and above" payload if I capture from Wireshark GUI against a "Wi-Fi" interface.

My WiFi interface is en0. When I start capturing packets from GUI, it will collect 802.11 "radio" information, but I am interested in the payload of it -- IP and upper layer protocols.

Using tshark against en0 will allow me to collect the packets, so I have a workaround.

I would like to know if there is anything I did not notice in capturing the data via GUI.

Thank you in advance.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-10-18 16:21:10 +0000

Jaap gravatar image

That is indicative of the WiFi interface capture being configured in Monitor mode. Either this is done through the capture options dialog, or some other means depending on the particular macOS version.

edit flag offensive delete link more

Comments

You are right. I had "monitor" checked in GUI. Thank you so much!

hisaotsu gravatar imagehisaotsu ( 2022-10-19 04:57:24 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-10-18 14:40:38 +0000

Seen: 100 times

Last updated: Oct 18 '22