Il 22-10-2008 10:54, Guy Harris ha scritto:
Leopard, to go into monitor mode you currently have to select a "link-
layer header type" other than Ethernet), even in promiscuous mode. I
Indeed, I tried the other two link-layer header types available, "IEEE
802.11 Wireless LAN" and "IEEE 802.11 plus AVS WLAN header", but I
couldn't interpret the results: it appeared that some data packets were
captured, but the seemed to be encrypted or something.
or from other machines; they'll capture the traffic in monitor mode,
but, in order to see that traffic decrypted, you'll need to provide
the password for the network *and* capture the initial setup:
http://wiki.wireshark.org/HowToDecrypt802.11
Ah, thanks, I missed this. I actually wondered if the captured traffic
was encrypted or not (see above), but didn't see mentions of this aspect
in the wiki (http://wiki.wireshark.org/CaptureSetup/WLAN).
I'll try when I get back home.
--
Ciao,
Marco.