http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1315
------- Comment #3 from guy@xxxxxxxxxxxx 2007-01-18 18:50 GMT -------
There are multiple problems here.
One is that the AirPort driver disassociates from the network when put into
monitor mode, and that the way you put the AirPort interface "enN" into monitor
mode is to open the fake interface "wltN" for capturing.
One is that libpcap's pcap_findalldevs() routine, used by Wireshark to find all
the network adapters on which it can capture, attempts to open all the
interfaces it finds, to see whether they *can* be opened (just because an
interface shows up in the list of interfaces the OS provides can be opened for
capturing - on Solaris, for example, the loopback interface shows up in the
list, but Solaris doesn't support capturing on it). This means that not only
does Wireshark disassociate from the network, so does tcpdump if you run it
with the "-D" flag (to get a list of interfaces) or without the "-i" flag (so
that it has to choose an interface on which to capture, which it does by
calling pcap_findalldevs() to get the interface list from which to choose), as
noted in other comments. The current top-of-tree and top-of-x.9-branch libpcap
explicitly avoids opening "wlt" devices on OS X, to work around the previous
problem; however, that version isn't in OS X.
One is that Wireshark's "Capture Interfaces" window (for the Capture ->
Interfaces menu item) includes the wlt devices, so it'll open them even if
pcap_findalldevs() doesn't.
We can't do anything about the first problem.
For the second problem, you need to build Wireshark with the top-of-tree or
top-of-x.9-branch libpcap, not the one that comes with OS X.
For the third problem, the workaround is "don't select the Capture ->
Interfaces menu item"; that will be fixed at some point.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.