Guys I have one serious problem capturing packets using a ZD1211B chip based usb dongle on Fedora 7 and Wireshark



I've struggled to change my wireless usb dongle to monitor mode but now I know how to do it.



Here's the code:



/sbin/service NetworkManager stop

/sbin/chkconfig NetworkManager off

/sbin/ifconfig wlan0 down

/sbin/iwconfig wlan0 mode monitor

/sbin/ifconfig wlan0 up

/sbin/iwconfig wlan0 channel 11

/sbin/iwconfig wlan0

wlan0 IEEE 802.11g Mode:Monitor Frequency:2.462 GHz
Retry min limit:7 RTS thrff Fragment thr=2346 B
Encryption keyff
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0





Then I open Wireshark hit capture interfaces (with promiscuous mode seleted) and right there my wlan0 starts to count packets.

But when I start capturing I only get Beacons Probes and unresolved.



In my last capture for 3.5 hours I got around 200.000 packets mostly beacons probes and only 2 of them were IPX.

No http or any other protocols were found and I got around 50 endpoints and 10 diferent SSID's!!


Besides my WLAN using Windows and Fedora 7 I've found 4 medium/low signal WLAN beaconing their SSID...


Something has to be wrong!!!!
Can you help me solve this?

it sounds like your wifi driver isn't putting the chip into monitor mode properly. You don't mention which distribution or kernel version you are using. You might find something useful at http://zd1211.wiki.sourceforge.net/VendorBasedDriver

good luck!