Wireshark-users: Re: [Wireshark-users] Newbie question

From: Sake Blok <sake@xxxxxxxxxx>
Date: Sun, 23 Sep 2007 20:23:22 +0200
On Sun, Sep 23, 2007 at 02:03:09PM -0400, Tom Maugham wrote:
> I have just installed Wireshark on a laptop which I want to use to monitor
> my home network. My setup is three desktops connected to a Westell 327W
> Verizon DSL wirless router. One desktop is hardwired and the other two and
> the laptop are wireless. The hard-wired desktop is using XP Pro SP2 and all
> the other desktops and the laptop are XP Home SP2. 
> 
> When I initiate Wireshark on the laptop it seems to see everything that is
> occurring on the laptop but not very much on the other PCs. Why is that? Am
> I expecting too much from Wireshark or do I not have it configured properly?

Have a look at http://wiki.wireshark.org/CaptureSetup/WLAN :

----- <quote> -----
 Capturing WLAN traffic on Windows depends on WinPcap and on the underlying network adapters and drivers. Unfortunately, most drivers/adapters support neither monitor mode, nor seeing 802.11 headers when capturing, nor capturing non-data frames.

 Promiscuous mode can be set; unfortunately, it's often crippled. In this mode many drivers don't supply packets at all, or don't supply packets sent by the host.
----- </quote> -----

Also when you try to capture all the traffic on the PC with the hard-wired
connection, you won't see all the packets since the network is switched.
Have a look at http://wiki.wireshark.org/CaptureSetup/Ethernet for
more details on what traffic you are able to see on which type of
network-connections.

Hope this helps, Cheers,


Sake