Solved: Why is wireshark only sending me probe requests?????

wrainwater · ‎02-21-2018

This isn't really a cisco question but those who work on wireless may know the answer. I dont know where else to go to ask.

Im trying to track the communication that my phone sends through the wireless from signing on to an SSID to going to a webpage. I use the filter wlan.addr = xx:xx:xx:xx:xx:xx

I am using a AirPcap NX packet monitoring USB with 2 antennas attached. My computer is a windows 7 machine which means I have no way to place the AirPcap in monitoring mode (the option has no check box)

all I see are PROBE REQUESTS, SN=SOME NUMBER, FN=0, FLAG=.....BLAH BLAH ssid=Broadcast

To my knowledge I should see a request, response and some data being exchanged.

When I fitre up my Acrylics wireless packet capture I can see all of that traffic using the same card just fine. Acrylics does give me a way to put it in monitoring mode

patoberli · ‎02-22-2018

I guess a restriction of AirPcap, you did start it as Administrator (right click -> run as administrator), right?
Anyway, if the AP is connected to a Cisco Switch, you could configure a mirror port on the switch and you should get all the packets you want.
Otherwise the driver filters out all the information before the OS get's access to it.

View solution in original post

patoberli · ‎02-22-2018

I guess a restriction of AirPcap, you did start it as Administrator (right click -> run as administrator), right?
Anyway, if the AP is connected to a Cisco Switch, you could configure a mirror port on the switch and you should get all the packets you want.
Otherwise the driver filters out all the information before the OS get's access to it.