On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:
Are you using PCAP (or similar) adapters?
Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or
similar) adapters":
http://www.cacetech.com/products/airpcap.html
Windows, prior to the adoption of "Native 802.11":
http://msdn.microsoft.com/en-us/library/aa503061.aspx
was not very friendly towards capturing on 802.11 networks, and, even
with Native 802.11, capturing with WinPcap (the capture mechanism
Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't
support NDIS 6, and thus doesn't support Native 802.11). With
WinPcap, on 802.11 networks, you can capture with promiscuous mode
off, and capture traffic to and from your machine, which will
*probably* work; promiscuous mode might not work at all, and monitor
mode isn't supported.
AirPcap adapters are special (they don't plug into the normal Windows
networking stack, so they can't be used as normal adapters to join a
wireless network), and can capture (in what amounts to monitor mode)
on Windows.