Wireshark 4.0.0 macOS GUI seems not to allow me capture IP payload

asked 2022-10-18

hisaotsu gravatar image

I would like to verify if I am the only one having the issue collecting the "IP layer and above" payload if I capture from Wireshark GUI against a "Wi-Fi" interface.

My WiFi interface is en0. When I start capturing packets from GUI, it will collect 802.11 "radio" information, but I am interested in the payload of it -- IP and upper layer protocols.

Using tshark against en0 will allow me to collect the packets, so I have a workaround.

I would like to know if there is anything I did not notice in capturing the data via GUI.

Thank you in advance.

Answer

answered 2022-10-18

Jaap gravatar image

That is indicative of the WiFi interface capture being configured in Monitor mode. Either this is done through the capture options dialog, or some other means depending on the particular macOS version.

You are right. I had "monitor" checked in GUI. Thank you so much!

hisaotsu gravatar imagehisaotsu ( 2022-10-19 04:57:24 +0000 )edit

