Wireshark & Ethereal Network Protocol Analyzer Toolkit, Jay Beale's Open Source Security Series

In order to begin sniffing wireless traffic with Wireshark, your wireless card must be in monitor mode. Wireshark does not do this automatically; you have to manually configure your wireless card before starting your packet capture. However, the commands you need in order to configure the card in monitor mode can differ based on the type of wireless card and driver that you are using. This section discusses how to complete this step based on the most common wireless card and driver combination for Linux.
| Tip | Determining the type of wireless card you have isn't always easy. While only a handful of manufacturers make the wireless chipset hardware, multiple vendors re-brand the cards, making it difficult to identify the actual chipset. One resource for identifying the chipset from the card manufacturer is available at http://linux-wless.passys.nl. If your specific card isn't listed there, you can search Google for the card name and the keyword "chipset" (e.g., WPC55AG chipset). |
Most wireless drivers for Linux systems use the Linux Wireless Extensions interface, providing a consistent configuration interface for manipulating the wireless card. First, let's identify the wireless driver interface name by running the wireless card configuration utility iwconfig with no parameters:
$ iwconfig
eth0      no wireless extensions.
lo        no wireless extensions.
eth1      IEEE...
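Because Wireshark does not switch the card into monitor mode itself, it is worth confirming the mode before starting a capture. The following is an added example, not code from the book: it parses iwconfig output, lists the interfaces that expose wireless extensions, and reports the mode of each. The sample output, the interface name ath0, and the function names wireless_modes and monitor_ready are constructed for illustration.

```shell
#!/bin/sh
# Added example: list wireless interfaces and the mode iwconfig reports.

# Constructed sample of iwconfig output (not captured from a real system).
SAMPLE_IWCONFIG='eth0      no wireless extensions.

lo        no wireless extensions.

eth1      IEEE 802.11g  ESSID:"example"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:11:22:33:44:55
          Bit Rate=54 Mb/s   Tx-Power=20 dBm

ath0      IEEE 802.11g  ESSID:""
          Mode:Monitor  Frequency:2.437 GHz  Tx-Power=18 dBm
'

# wireless_modes: read iwconfig output on stdin and print "<iface> <mode>"
# for every interface that has wireless extensions.
wireless_modes() {
    awk '
        # An interface block starts in column 0; its detail lines are indented.
        /^[^ \t]/ {
            emit()
            iface = $1
            wireless = ($0 !~ /no wireless extensions/)
            mode = "unknown"
        }
        # Mode may appear on the first line or on an indented detail line.
        wireless && match($0, /Mode:[A-Za-z-]+/) {
            mode = substr($0, RSTART + 5, RLENGTH - 5)
        }
        END { emit() }
        function emit() { if (iface != "" && wireless) print iface, mode; iface = "" }
    '
}

# monitor_ready IFACE: succeed only if IFACE is reported in Monitor mode.
monitor_ready() {
    wireless_modes |
        awk -v want="$1" '$1 == want && $2 == "Monitor" { ok = 1 } END { exit !ok }'
}

# Demonstration on the constructed sample; prints "eth1 Managed" and "ath0 Monitor".
printf '%s\n' "$SAMPLE_IWCONFIG" | wireless_modes
```

On a live system, pipe the real output instead: `iwconfig 2>/dev/null | monitor_ready eth1`, substituting the interface name iwconfig reported.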