On Oct 21, 2008, at 3:52 PM, Marco De Vitis wrote:
I'm doing some tests on my own wifi network, which is protected using
WPA Personal.
I have a Windows notebook and a MacBook running OSX 10.5.5. I want to
try running Wireshark on the MacBook for sniffing traffic happening
from
the Win machine.
It might be that the AirPort adapter on your MacBook will only capture
traffic from other machines on your network when in monitor mode (on
Leopard, to go into monitor mode you currently have to select a "link-
layer header type" other than Ethernet), even in promiscuous mode. I
think some (perhaps all) wireless adapters will not actually work
promiscuously on protected networks as they can't decrypt traffic to
or from other machines; they'll capture the traffic in monitor mode,
but, in order to see that traffic decrypted, you'll need to provide
the password for the network *and* capture the initial setup:
http://wiki.wireshark.org/HowToDecrypt802.11