Hello all,
I
have very recently had to uninstall madwifi drivers (ath_pci) and use ath5k
instead for my wireless card in ubuntu. However, I’ve noticed that it
presents two interfaces in ifconfig and Wireshark’s list of interface for
my card, ie. wlan1 and mon.wlan1.
The
first time I’ve tried to capture traffic on wlan1 using Wireshark, I’ve
noticed that I had packets missing for a certain communication among nodes and
then I realized that if I opened another instance of Wireshark and capture mon.wlan1
I was able to see the “missing” packets there. It seems that one
interface captures all the incoming traffic and the other all the outgoing.
However,
this is very very annoying when trying to debug things and see the time
difference between incoming and outgoing packets and of course not being able
to see the exchange of packets in one instance of Wireshark (as a nice list) it
messes things up.
All
this, lead us to the following question. Is Wireshark able to combine wlan1 and
mon.wlan1 which in fact refer to one interface? Or I am able to create a pseudo-device
as the “any” option in Wireshark to combine these two?
Thanks
very much in advance,
Panos
Ps. thanks to all who replied during the
weekend on my filter out question, it helped greatly!