  1. #1
    Just Joined!
    Join Date
    Apr 2010
    Posts
    1

    Question Wireshark Problem


    Ok I'll try to be as detailed as possible here.

    Atheros card, Ubuntu 9.10, and a headache.

    When I run Wireshark, I usually capture packets on mon0 and never had an issue with it. Now I cannot capture anything but broadcast packets on mon0 and I don't understand what has changed.

    ifconfig shows this...

    eth0 Link encap:Ethernet HWaddr 00:26:22:73:78:11
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
    Interrupt:28

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:4 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:240 (240.0 B) TX bytes:240 (240.0 B)

    mon0 Link encap:UNSPEC HWaddr 0C-EE-E6-C6-E5-A7-00-00-00-00-00-00-00-00-00-00
    UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI MTU:1500 Metric:1
    RX packets:27713 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:7979933 (7.9 MB) TX bytes:0 (0.0 B)

    wlan0 Link encap:Ethernet HWaddr 0c:ee:e6:c6:e5:a7
    inet addr:192.168.1.65 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::eee:e6ff:fec6:e5a7/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:11388 errors:0 dropped:0 overruns:0 frame:0
    TX packets:11244 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:9201147 (9.2 MB) TX bytes:2224184 (2.2 MB)

    iwconfig shows...

    lo no wireless extensions.

    eth0 no wireless extensions.

    wlan0 IEEE 802.11bgn ESSID:"2WIRE806"
    Mode:Managed Frequency:2.462 GHz Access Point: 00:21:7C:27:B9:99
    Bit Rate=54 Mb/s Tx-Power=20 dBm
    Retry long limit:7 RTS thr:off Fragment thr:off
    Power Management:off
    Link Quality=47/70 Signal level=-63 dBm
    Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 Invalid misc:0 Missed beacon:0

    mon0 IEEE 802.11bgn Mode:Monitor Frequency:2.462 GHz Tx-Power=20 dBm
    Retry long limit:7 RTS thr:off Fragment thr:off
    Power Management:off

    Now with it (mon0) in monitor mode, shouldn't it be capturing all data, i.e. HTTP, TCP, UDP, etc.? I'm still a newbie, but it used to work and now does not. Is it some kind of connection issue?

    When I bring up mon0, I do it by using

    sudo airmon-ng start wlan0

    which creates the new interface. But all the 00:00:00:00:00 at the end of the mon0 hardware address is making me suspicious (maybe just because I'm not schooled in this yet).

    Thanks for reading, I'm totally stumped. Hope to hear from someone who can help. If you need me to post any more info, feel free.

  2. #2
    Just Joined!
    Join Date
    May 2010
    Location
    Iowa
    Posts
    4
    Do you really have to do anything with your NIC? Are you running Wireshark as root?

    I just do:
    Code:
    sudo wireshark
    and everything seems to work fine.
