Home page logo
/

wireshark logo Wireshark mailing list archives

Re: why is "Wireless setting" grayed out in wireshark?
From: Guy Harris <guy () alum mit edu>
Date: Sat, 22 Sep 2012 12:55:18 -0700


On Sep 22, 2012, at 5:41 AM, Kevin Wilson <wkevils () gmail com> wrote:

Hi,
I have Version 1.6.10 of wireshark on Fedora 17.

I have a Ralink USB wireless adapter which supports "monitor mode".
I ran the following:

iwconfig wlan0 mode monitor
ifconfig  wlan0 up

and ifconfig wlan0 shows wlan0 is up and running.

Now when I open wireshark on the same machine, and go to Capture->Options,
I select wlan0. The problem is that the "wireless setting" button is
grayed in this dialog.

The problem is that the "wireless setting" button *exists* in the dialog; in the standard Wireshark 1.6.x source, it's 
only enabled if you have AirPcap, and you only have AirPcap on Windows.  If you have a "Wireless Settings" button in 
Wireshark 1.6.10 on Linux, it's because somebody modified Wireshark to add it to UN*X; you'd have to ask them how to 
make it work.

It looks as if, for some unknown reason, somebody decided to enable AirPcap in the Fedora 17 build of Wireshark:

        http://pkgs.fedoraproject.org/cgit/wireshark.git/tree/wireshark.spec?h=f17

(note the "--enable-airpcap").  I'll try to disable that option if you're not on Windows, to keep people from making 
that mistake in the future (if somebody would like to contribute drivers etc. for AirPcap adapters on non-Windows OSes, 
they should feel free to do so).

Also the "Link-Layer header type" is disabled.

On Linux, you can't choose the link-layer header type for wireless adapters with libpcap.  If monitor mode is enabled, 
you get whatever headers the driver supplies; for most if not all mac80211 drivers, those are radiotap+802.11 headers.  
If monitor mode is disabled, you get whatever headers the driver supplies; for most if not all drivers, those are fake 
Ethernet headers.

Any idea why is it so

See above.

and what should be done to enable these two buttons ?

Nothing should be done to do so.  See above.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault