Why do I see Ethernet II protocol in Wireshark in wireless connection?


It really is about monitor mode. Read on.

802.11 was designed to be "wireless Ethernet", and 802.11 interfaces have traditionally presented themselves to the OS as Ethernet interfaces so the OS only sees the packets after they've been translated back into familiar Ethernet II or 802.3 frames. This was necessary to make 802.11 work without requiring OSes to add a lot of code to understand all the new complexity that came with 802.11.

So on many systems, when you capture packets from an 802.11 interface that's operating normally, associated to an AP and passing traffic, you won't see 802.11 headers or 802.11-specific frames. You'll only see data frames after they've been translated back into wired Ethernet frames (Ethernet II or 802.3).

Depending on your sniffer, OS, and wireless drivers, you may be able to tell your sniffer to tell your wireless interface that you want to capture the packets in 802.11 format instead of Ethernet format. Look for a way to change the interface Data Link Type (DLT) from "EN10MB" to "IEEE802_11".

I know that on macOS, the 802.11-specific DLTs are not exposed unless you put the interface into 802.11 monitor mode. I suspect the same is true of other environments.

So it really may come down to monitor mode. Not because you want to see traffic from other BSSes on the same channel, but because some implementations hide those DLTs unless they are in monitor mode.
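To check which of the two formats an existing capture was recorded in, the link type can be read straight from the 24-byte global header of a classic pcap file. The sketch below is an added example, not code from the answer; `make_header` and `pcap_linktype` are hypothetical helper names, the sample headers are constructed, and the table goes slightly beyond the two DLTs named above by also listing the 802.11 variants that carry a radio metadata header.

```python
import struct

# LINKTYPE value in the pcap header -> (DLT name, frames carry 802.11 headers?)
LINKTYPES = {
    1: ("EN10MB", False),                  # Ethernet II / 802.3 framing
    105: ("IEEE802_11", True),             # raw 802.11 header
    119: ("PRISM_HEADER", True),           # Prism header + 802.11
    127: ("IEEE802_11_RADIO", True),       # radiotap header + 802.11
    163: ("IEEE802_11_RADIO_AVS", True),   # AVS header + 802.11
}
# First four file bytes -> struct byte order (micro- and nanosecond variants).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}

def make_header(linktype, endian="<"):
    """Build a constructed pcap global header (sample input only)."""
    return struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)

def pcap_linktype(header):
    """Return (DLT name, has_80211_headers) for a classic pcap global header."""
    if len(header) < 24:
        raise ValueError("pcap global header is 24 bytes")
    endian = MAGICS.get(header[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng has a different layout)")
    # Fields: magic, major, minor, thiszone, sigfigs, snaplen, network
    network = struct.unpack(endian + "IHHiIII", header[:24])[6]
    value = network & 0xFFFF  # upper bits may carry FCS information
    return LINKTYPES.get(value, ("UNKNOWN(%d)" % value, None))

if __name__ == "__main__":
    # Constructed headers: a normal associated-interface capture and two
    # captures taken with an 802.11 DLT selected.
    for label, hdr in [("managed", make_header(1)),
                       ("802.11", make_header(105)),
                       ("radiotap", make_header(127, ">"))]:
        name, wifi = pcap_linktype(hdr)
        print("%-9s DLT=%-18s 802.11 headers visible: %s" % (label, name, wifi))
```

For a real file, pass the first 24 bytes, for example `pcap_linktype(open(path, "rb").read(24))`.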


Author: Pioneerhfy

Updated on September 18, 2022

Comments

  • Pioneerhfy
    Pioneerhfy over 1 year

    I have a small network in my home that consists of one network device named airties rt-205 and clients. Clients connect to this device via wireless and send their packets to the internet through this device.

    I know that the 802.11x protocol is used in wireless connections and the Ethernet protocol is used in wired connections. If this is not true, please let me know the right one.

    The question is: why do I see the "Ethernet II" protocol at layer 2 in Wireshark when a wireless connection is used? Instead of Ethernet II, should 802.11n (a, b, g, ab... whatever technology is used) be in Wireshark at layer 2?

    I'm not talking about monitor mode and managed mode. This is different from the mode of the wireless card. I think that I should see data that was sent from my airties rt-205 device to only me using the wireless connection, in Wireshark as 802.11 protocol at layer 2.

    Thanks in advance

  • Christopher Maynard
    Christopher Maynard over 6 years