We posted some new articles on cisco.com, on the subject of getting a wireless packet capture. The main focus is to help Cisco customers collect captures so that we can troubleshoot their problems, but these tips may be generally useful.
Aaron
Technically, isn't a packet sniffer strictly passive? If so, then the comment about the sniffer using a transmitter doesn't make sense.
No mention of wireshark. Is netmon better?
Yes.
If you're referring to 1) in
OK, let's break this down ...
Thus, when it comes to "free" wireless sniffing in Windows 7, Netmon is the only game in town. I'm not too thrilled about the user interface, but it does usually work pretty well (modulo whatever the capabilities of the underlying adapter may provide.)
Thanks for the feedback.
Aaron
Netmon (3.4) does monitor mode wireless sniffing fine in (64-bit) Vista on my Macbook early 2009 with the Apple driver from Boot Camp. Wirelss card is Broadcom BCM43xx 1.0 (5.10.91.22) - as seen in System Profiler in OS X 10.5.8.
Thanks Axel; I've updated the article accordingly.
Btw, Netmon 3.4 also captures some interesting wireless packets when used in non-promiscuous mode, on an adapter in production use. At least on my Intel 6300, I get to see some beacons and probe/authentication/association responses from the AP (although not the probe/authentication/association requests that I'm sending out.)
(Writing that up is on the to-do list.)
Cheers,
Aaron
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.