Monday, October 6, 2014
Wireshark Capture Options
Promiscuous mode:
if promiscuous mode is disabled
- Wireshark can capture only traffic destined to the interface on which the capture is enabled, plus multicast and broadcast traffic
if promiscuous mode is enabled
- Wireshark can capture traffic from/to all MAC addresses
- promiscuous mode does not enable a WLAN adapter to capture traffic regardless of SSID
Monitor Mode:
- enables Wireshark to capture WLAN traffic regardless of SSID
- available with AirPcap Adapters
*** with the normal adapters you can capture wireless traffic but most likely the 802.11 header will be replaced with a fake Ethernet header
AirPcap Adapter
- can capture wireless traffic in a Windows environment
- in monitor mode they can capture all 802.11 management, control and data frames
- they add a Radiotap or PPI header in front of the 802.11 header, which provides channel and signal information at the moment the packets were captured
*** if you want to capture packets on more channels you can use multiple AirPcap NICs with the AirPcap aggregate driver
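The channel and signal information mentioned above can be read straight out of the Radiotap header. The following is an added example, not part of the original post: a minimal Radiotap parser (PPI is not handled) run over a constructed sample header; the function names and the sample bytes are assumptions made for illustration.

```python
import struct

# (alignment, size) of the radiotap fields for present-bits 0..5, in bit order:
# TSFT, Flags, Rate, Channel, FHSS, dBm antenna signal.
FIELDS = [(8, 8), (1, 1), (1, 1), (2, 4), (2, 2), (1, 1)]
CHANNEL_BIT, SIGNAL_BIT, EXT_BIT = 3, 5, 31

# Constructed sample: radiotap header (Flags, Rate, Channel, dBm signal)
# followed by the first two bytes of an 802.11 beacon frame.
SAMPLE = bytes.fromhex("00000f002e000000" "00" "02" "8509a000" "d6" "8000")

def freq_to_channel(mhz):
    """Map a centre frequency in MHz to a 2.4 GHz or 5 GHz channel number."""
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472:
        return (mhz - 2407) // 5
    if 5000 < mhz < 6000:
        return (mhz - 5000) // 5
    return None

def parse_radiotap(pkt):
    """Return (header_len, freq_mhz, channel, signal_dbm); absent fields are None."""
    if len(pkt) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", pkt, 0)
    if version != 0 or hdr_len < 8 or hdr_len > len(pkt):
        raise ValueError("not a valid radiotap header")
    offset, word = 8, present
    while word & (1 << EXT_BIT):          # skip extended present words
        if offset + 4 > hdr_len:
            raise ValueError("present bitmap runs past header length")
        (word,) = struct.unpack_from("<I", pkt, offset)
        offset += 4
    freq = signal = None
    for bit, (align, size) in enumerate(FIELDS):
        if not present & (1 << bit):
            continue
        offset = (offset + align - 1) & ~(align - 1)   # natural alignment
        if offset + size > hdr_len:
            raise ValueError("field runs past declared header length")
        if bit == CHANNEL_BIT:
            freq, _flags = struct.unpack_from("<HH", pkt, offset)
        elif bit == SIGNAL_BIT:
            (signal,) = struct.unpack_from("<b", pkt, offset)
        offset += size
    channel = freq_to_channel(freq) if freq is not None else None
    return hdr_len, freq, channel, signal

if __name__ == "__main__":
    print(parse_radiotap(SAMPLE))
```

The returned header length is the offset at which the real 802.11 frame starts; a capture from a normal adapter that carries a fake Ethernet header has no such header to parse.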