macOS Big Sur 11.3.1 (20E241) unable to capture any packets via Wireshark

Using a MacBook Pro with macOS Big Sur 11.3.1 (20E241), I am unable to capture any packets via Wireshark 3.4.9.

I am getting the error below. Is there anything that needs to be done to start capturing packets on the wireless interface?

ERROR

As no data was captured, closing the temporary capture file.

Help about capturing can be found at

   https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup

hieswar asked 2021-11-11 09:31:44 +0000
Guy Harris updated 2021-12-07 21:11:44 +0000

Comments

Are you connected to a wireless network? Do you want to be?

Bob Jones (2021-11-11 19:57:33 +0000)

Yes. Connected to a wireless network. The MacBook has a valid IP address. Using the MacBook's terminal, tcpdump collects the wireless packets, working as expected. Only Wireshark is not capturing the wireless packets.

hieswar (2021-11-11 20:19:36 +0000)

On the other hand, tshark works fine to capture wireless packets, but tshark too is not working when tried with monitor mode.

hieswar (2021-11-12 10:53:07 +0000)

tcpdump probably won't work in monitor mode, either.

Guy Harris (2021-12-09 21:17:22 +0000)

1 Answer

Wireshark on a Mac cannot be associated to an access point while capturing packets. Disassociate the Mac from the access point and try to capture again.

wifinut answered 2021-12-06 06:05:37 +0000

Comments

NEWER Macs cannot be associated to an access point while capturing packets in monitor mode; they don't have this problem when not capturing in monitor mode. Older Macs don't have that issue.

tcpdump and TShark will only capture in monitor mode if run with the -I command-line flag. Perhaps Wireshark was defaulting to monitor mode.

Guy Harris (2021-12-07 06:39:07 +0000)