LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Wireshark monitor mode not working (https://www.linuxquestions.org/questions/linux-newbie-8/wireshark-monitor-mode-not-working-4175544732/)

gonny95 06-07-2015 10:34 AM
Wireshark monitor mode not working
 
Distro : Arch Linux x86_64

Hi I'm trying to capture packets with Wireshark in monitor mode.

I ran Wireshark with noraml user and selected interface wlp1s0.
When I pushed the start button, the following error occured:
Code:
Unknown message from dumpcap, try to show it as a string: Can't delete monitor interface mon1 (SIOCGIFINDEX: Bad file descriptor).
Please delete manually.
E
I thought that was permission problem, so I ran Wire shark using sudo but still the same error message box.

Any ideas??

exvor 06-09-2015 12:04 AM
Its possible that your interface does not support promiscuous mode.

gonny95 06-09-2015 12:21 AM
Okay.. do you know how to check which modes does the interfaces support?

gonny95 06-09-2015 02:23 AM
My interface do support promiscuous mode
because Wireshark captures packets in promiscuous mode by default.

Also there appears kernel message.
Code:
[Jun 8 14:20] device wlp1s0 entered promiscuous mode
And my interface also seems to support monitor mode.
The problem is I just can't start capturing in monitor mode.

Code:
iw phy0 info
Wiphy phy0
        max # scan SSIDs: 20
        max scan IEs length: 425 bytes
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports RSN-IBSS.
        Device supports AP-side u-APSD.
        Supported Ciphers:
                * CCMP (00-0f-ac:4)
                * 00-0f-ac:10
                * TKIP (00-0f-ac:2)
                * GCMP (00-0f-ac:8)
                * 00-0f-ac:9
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * CMAC (00-0f-ac:6)
                * 00-0f-ac:13
                * 00-0f-ac:11
                * 00-0f-ac:12
                * WPI-SMS4 (00-14-72:1)
        Available Antennas: TX 0 RX 0
        Supported interface modes:
                * IBSS
                * managed
                * AP
                * AP/VLAN
                * monitor
                * P2P-client
                * P2P-GO
                * P2P-device


All times are GMT -5. The time now is 07:24 PM.