Wireshark-users: Re: [Wireshark-users] I see no captured packets at all

From: "Small, James" <JSmall@xxxxxxxxxxxxxx>
Date: Thu, 28 Dec 2006 21:52:31 -0500
Cor,

Unfortunately, many wireless cards in Windows do not allow you to do
network captures.  I used to have a link to a web site that explained it
all and had a list of Wireless NICs/Chipsets and which ones worked or
didn't work for network captures but now I can't find it.

However, many times you can get around this by bridging if you're using
XP.  Basically, you need to add the Microsoft Bridge and add your
wireless adapter to it.  You then choose the Microsoft MAC Bridge
Virtual NIC as the capture source instead of the Wireless card.  This
works in the majority of cases - I use it myself.

If I remember correctly, in the Network Control Panel, I believe you
select two adapters and then select bridge.  This creates a Microsoft
Virtual Bridge with the two adapters as members of the bridge.  After
the bridge is created, you can remove everything except your wireless
card and try capturing as described above (just go into the bridge
properties).

When you create the bridge, it acts just like a simple network bridge
including emitting 802.1d spanning tree BPDUs.  Be warned, many switches
(especially corporate ones) are configured to basically shut down if they
detect spanning tree BPDUs.  Usually if you're just bridging your
wireless card this doesn't create problems.  However, I have run into
some instances where the wireless network is seamlessly bridged to a
wired switch and when the switch detects spanning tree BPDUs, it
disables the switch port that the access point is on.  This is rare but
possible so be warned!

Also, sometimes my wireless connection can be a little flakey and if I
remove the bridge the problems go away.  That said, I usually always run
in bridged mode so I can do captures and for the most part it works
well.

Let me know if you have trouble setting up the bridging,
  --Jim


> -----Original Message-----
> >> I installed Wireshark (Version 0.99.4 (SVN Rev 19757)) on my laptop
> >> (Acer Aspire 6510 with a built-in Intel PRO/Wireless 3945ABG network
> >> card), running Windows XP sp2.
> >> My LAN has an Asus WL500g router and  a 3COM switch for the wired
> >> desktops attached to it.
> >>
> >> When I start capturing on the laptop, the name of my network card is
> >> mentioned in the top of the capture window all right, but no captured
> >> packets are shown, even if I wait for 10 minutes.
> >>
> >> I also uninstalled and re-installed WinPcap (version 3.1)
> >>
> >> What am I doing wrong? Is this network card the evil part?
> >> On one of the wired desktops, it works fine.
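
Added example, not part of the original message and not Wireshark code: a Python check for the spanning tree warning in the reply above. Given raw Ethernet frames exported from a capture, it recognises 802.1D BPDUs and reports which of your own adapter MACs are sending them, so you can confirm what the bridge emits before joining a network whose switches disable ports on BPDUs. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")   # 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                 # DSAP 0x42, SSAP 0x42, UI control

def parse_bpdu(frame: bytes):
    """Return a dict for an 802.1D BPDU in a raw Ethernet frame, else None."""
    if len(frame) < 21 or frame[:6] != STP_DST:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500 or frame[14:17] != LLC_STP:   # EtherType frame or other LLC
        return None
    bpdu = frame[17:14 + length]                   # drop Ethernet padding
    if len(bpdu) < 4:
        return None
    proto, version, btype = struct.unpack("!HBB", bpdu[:4])
    if proto != 0:
        return None
    info = {"src": frame[6:12].hex(":"), "version": version,
            "type": {0x00: "config", 0x80: "tcn"}.get(btype, hex(btype))}
    if btype == 0x00 and len(bpdu) >= 35:
        # Configuration BPDU body; timers are in units of 1/256 second.
        (_flags, root_prio, root_mac, cost, _bprio, _bmac, _port,
         _age, max_age, hello, fwd) = struct.unpack("!BH6sIH6sHHHHH", bpdu[4:35])
        info.update(root=f"{root_prio}/{root_mac.hex(':')}", root_cost=cost,
                    hello_s=hello / 256, max_age_s=max_age / 256,
                    forward_delay_s=fwd / 256)
    return info

def local_bpdu_sources(frames, local_macs):
    """MACs from local_macs that appear as the source of a BPDU."""
    wanted = {m.lower() for m in local_macs}
    seen = (parse_bpdu(f) for f in frames)
    return sorted({b["src"] for b in seen if b and b["src"] in wanted})

# Constructed sample frames (not taken from a real capture).
SAMPLE_BPDU = bytes.fromhex(
    "0180c2000000" "020000000001" "0026" "424203"   # dst, src, length, LLC
    "0000" "00" "00" "00"                           # proto, version, type, flags
    "8000020000000001" "00000000"                   # root id, root path cost
    "8000020000000001" "8001"                       # bridge id, port id
    "0000" "1400" "0200" "0f00"                     # msg age, max age, hello, fwd
) + bytes(8)                                        # padding to 60 bytes
SAMPLE_ARP = bytes.fromhex("ffffffffffff" "020000000002" "0806") + bytes(46)

if __name__ == "__main__":
    print(parse_bpdu(SAMPLE_BPDU))
    print(local_bpdu_sources([SAMPLE_BPDU, SAMPLE_ARP], ["02:00:00:00:00:01"]))
```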