Revision history [back]

Hello, there! I'm relatively new to these forums, so please give feedback in a positive manner! Recently I've been trying to capture internet traffic between hosts other than my own in my network.

Context Rich Background

(Skip down to TL;DR for a quick explanation)

I've initially attempted to capture packets through ethernet. However, I believe the reason I'm not capturing any packets on that interface is that my router has a switch topology meaning it won't send any packets to the port my ethernet cable is connected to unless it's designated for my computer or it's a broadcast message. And turning on promiscuous mode doesn't change the result here.

And unfortunately, there is not a port on the switch which is specific for network analysis. It's a pretty old one.

I've since changed my focus to capturing wireless packets because it appears a wireless access point doesn't have the same restrictive filtering as my switch. What I mean is that wifi sends out the packets in a wide range. I believe it shouldn't be that hard to have my wireless adapter simply capture the traffic even if it doesn't have its IP address.

This has led me to many forums telling me to enable monitor mode on my adapter. I've watched from TheNewBoston's Wireshark tutorial that told me some adapters just don't have an option to turn on promiscuous mode (or in this case, I think he means monitor mode). Up until 4:30, he's explaining one that he uses that has worked for him in the past. So I went ahead and ordered the same one to make sure it can enable monitor mode. Now the trouble I'm running into is not entirely knowing if I've enabled it or not on the adapter. I have Npcap installed rather than WinpCap. Is having Npcap working with Wireshark enough? Do I have to do some manual procedure? And yes I've read the Wireshark wiki. On this subject, they say it's very operating system and adapter specific. Any help or easy setup's to get me capturing traffic is appreciated as well.

I apologize if this post has too much context. I just want to get any questions about my previous steps out of the way so we can get to the answer faster.

TL;DR

I've been attempting to enable promiscuous mode on an adapter TheNewBoston recommended and stated has the ability to do so. So now I'm curious what the procedure is to enable it for this adapater? Is having NPcap and Wireshark good enough? Any help is appreciated.

Hello, there! I'm relatively new to these forums, so please give feedback in a positive manner! Recently I've been trying to capture internet traffic between hosts other than my own in my network.

Context Rich Background

(Skip down to TL;DR for a quick explanation)

I've initially attempted to capture packets through ethernet. However, I believe the reason I'm not capturing any packets on that interface is that my router has a switch topology meaning it won't send any packets to the port my ethernet cable is connected to unless it's designated for my computer or it's a broadcast message. And turning on promiscuous mode doesn't change the result here.

And unfortunately, there is not a port on the switch which is specific for network analysis. It's a pretty old one.

I've since changed my focus to capturing wireless packets because it appears a wireless access point doesn't have the same restrictive filtering as my switch. What I mean is that wifi sends out the packets in a wide range. I believe it shouldn't be that hard to have my wireless adapter simply capture the traffic even if it doesn't have its IP address.

This has led me to many forums telling me to enable monitor mode on my adapter. I've watched from TheNewBoston's Wireshark tutorial that told me some adapters just don't have an option to turn on promiscuous mode (or in this case, I think he means monitor mode). Up until 4:30, he's explaining one that he uses that has worked for him in the past. So I went ahead and ordered the same one to make sure it can enable monitor mode. Now the trouble I'm running into is not entirely knowing if I've enabled it or not on the adapter. I have Npcap installed rather than WinpCap. Is having Npcap working with Wireshark enough? Do I have to do some manual procedure? And yes I've read the Wireshark wiki. On this subject, they say it's very operating system and adapter specific. Any help or easy setup's to get me capturing traffic is appreciated as well.

I've read this forum post hoping to find answers. However, it doesn't seem to have a solution to my specific problem.

I apologize if this post has too much context. I just want to get any questions about my previous steps out of the way so we can get to the answer faster.

TL;DR

I've been attempting to enable promiscuous mode on an adapter TheNewBoston recommended and stated has the ability to do so. So now I'm curious what the procedure is to enable it for this adapater? Is having NPcap and Wireshark good enough? Any help is appreciated.

Hello, there! I'm relatively new to these forums, so please give feedback in a positive manner! Recently I've been trying to capture internet traffic between hosts other than my own in my network.

(Skip down to TL;DR for a quick explanation)

I've initially attempted to capture packets through ethernet. However, I believe the reason I'm not capturing any packets on that interface is that my router has a switch topology meaning it won't send any packets to the port my ethernet cable is connected to unless it's designated for my computer or it's a broadcast message. And turning on promiscuous mode doesn't change the result here.

And unfortunately, there is not a port on the switch which is specific for network analysis. It's a pretty old one.

I've since changed my focus to capturing wireless packets because it appears a wireless access point doesn't have the same restrictive filtering as my switch. What I mean is that wifi sends out the packets in a wide range. I believe it shouldn't be that hard to have my wireless adapter simply capture the traffic even if it doesn't have its IP address.

This has led me to many forums telling me to enable monitor mode on my adapter. I've watched from TheNewBoston's Wireshark tutorial that told me some adapters just don't have an option to turn on promiscuous mode (or in this case, I think he means monitor mode). Up until 4:30, he's explaining one that he uses that has worked for him in the past. So I went ahead and ordered the same one to make sure it can enable monitor mode. Now the trouble I'm running into is not entirely knowing if I've enabled it or not on the adapter. I have Npcap installed rather than WinpCap. Is having Npcap working with Wireshark enough? Do I have to do some manual procedure? And yes I've read the Wireshark wiki. On this subject, they say it's very operating system and adapter specific. Any help or easy setup's to get me capturing traffic is appreciated as well.

I've read this forum post hoping to find answers. However, it doesn't seem to have a solution to my specific problem.

I apologize if this post has too much context. I just want to get any questions about my previous steps out of the way so we can get to the answer faster.

I've been attempting to enable promiscuous mode on an adapter TheNewBoston recommended and stated has the ability to do so. So now I'm curious what the procedure is to enable it for this adapater? Is having NPcap and Wireshark good enough? Any help is appreciated.

Hello, there! I'm relatively new to these forums, so please give feedback in a positive manner! Recently I've been trying to capture internet traffic between hosts other than my own in my network.

Context Rich Background

(Skip down to TL;DR for a quick explanation)

I've initially attempted to capture packets through ethernet. However, I believe the reason I'm not capturing any packets on that interface is that my router has a switch topology meaning it won't send any packets to the port my ethernet cable is connected to unless it's designated for my computer or it's a broadcast message. And turning on promiscuous mode doesn't change the result here.

And unfortunately, there is not a port on the switch which is specific for network analysis. It's a pretty old one.

I've since changed my focus to capturing wireless packets because it appears a wireless access point doesn't have the same restrictive filtering as my switch. What I mean is that wifi sends out the packets in a wide range. I believe it shouldn't be that hard to have my wireless adapter simply capture the traffic even if it doesn't have its IP address.

This has led me to many forums telling me to enable monitor mode on my adapter. I've watched from TheNewBoston's Wireshark tutorial that told me some adapters just don't have an option to turn on promiscuous mode (or in this case, I think he means monitor mode). Up until 4:30, he's explaining one that he uses that has worked for him in the past. So I went ahead and ordered the same one to make sure it can enable monitor mode. Now the trouble I'm running into is not entirely knowing if I've enabled it or not on the adapter. I have Npcap installed rather than WinpCap. Is having Npcap working with Wireshark enough? Do I have to do some manual procedure? And yes I've read the Wireshark wiki. On this subject, they say it's very operating system and adapter specific. Any help or easy setup's to get me capturing traffic is appreciated as well.

I've read this forum post hoping to find answers. However, it doesn't seem to have a solution to my specific problem.

I apologize if this post has too much context. I just want to get any questions about my previous steps out of the way so we can get to the answer faster.

TL;DR

I've been attempting to enable promiscuous mode on an adapter TheNewBoston recommended and stated has the ability to do so. So now I'm curious what the procedure is to enable it for this adapater? Is having NPcap and Wireshark good enough? Any help is appreciated.

Error: SetWlanOperationMode::SetInterface error, error code = 50 (The request is not supported)
Failure