![]() Note: you also need to restart Wireshark after enabling monitor mode before the 802.11 options will show up in the Link-layer header drop down option. I keep forgetting the need to restart Wireshark for the Link-layer options to change #facepalm. In comparison to capturing 802.11 frames in monitor mode: Now I can see Ethernet, IP, and TCP/UDP headers again: Close it entirely, reopen it and voila:Įthernet is back! Also, the 802.11 options have disappeared because we’re no longer in monitor mode. I spent half an hour the other day scratching my head, when the trick is simply to restart Wireshark. I can’t believe this still trips me up every few months. I could’ve sworn that’s what it is set to by default after install… Then just set the Link-layer header back to Ethernet, just like your other interfaces:Įxcept “Ethernet” isn’t an option. Simple enough – turn it off in the interface settings (Find this button on the Main toolbar to access the menu, then scroll to the right to find the Monitor mode drop down and make sure your Wi-Fi interface has this disabled): I might be troubleshooting an issue and am using my Mac as the client trying to recreate the issue – so I don’t need monitor mode for that. On occasion, I actually use Wireshark to inspect higher level traffic – I want to see the IP addresses and TCP/UDP ports etc. ![]() I want to see the Radiotap and 802.11 headers. On my Mac, I use Wireshark primarily to capture Wi-Fi traffic, in monitor mode. This is one of those quick posts aiming to save me and (maybe you) some time the next time I forget this.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |