From: Panagiotis Georgopoulos
[mailto:panos@xxxxxxxxxxxxxxxx]
Sent: Monday, May 17, 2010 17:11
To: wireshark-users@xxxxxxxxxxxxx
Subject: "Combine" two interfaces in wireshark?
Hello all,
I have very recently had to uninstall madwifi drivers (ath_pci) and use ath5k
instead for my wireless card in ubuntu. However, I’ve noticed that it presents
two interfaces in ifconfig and Wireshark’s list of interface for my card, ie.
wlan1 and mon.wlan1.
The first time I’ve tried to capture traffic on wlan1 using Wireshark, I’ve
noticed that I had packets missing for a certain communication among nodes and
then I realized that if I opened another instance of Wireshark and capture
mon.wlan1 I was able to see the “missing” packets there. It seems that one
interface captures all the incoming traffic and the other all the outgoing.
However, this is very very annoying when trying to debug things and see the
time difference between incoming and outgoing packets and of course not being
able to see the exchange of packets in one instance of Wireshark (as a nice
list) it messes things up.
All this, lead us to the following question. Is Wireshark able to combine wlan1
and mon.wlan1 which in fact refer to one interface? Or I am able to create a
pseudo-device as the “any” option in Wireshark to combine these two?
Thanks very much in advance,
Panos
Ps. thanks to all who replied during the
weekend on my filter out question, it helped greatly!