>On 10/26/2011 12:29 PM, Aaron Leonard wrote:
>> We posted some new articles on cisco.com, on the subject of getting a
>> packet capture. The main focus is to help Cisco customers collect captures
>> that we can troubleshoot their problems, but these tips may be generally
>Technically, isn't a packet sniffer strictly passive?
>If so, then the
>comment about the sniffer using a transmitter doesn't make sense.
If you're referring to 1) in https://supportforums.cisco.com/docs/DOC-19136
then that's not quite what it says there. Maybe we could word it better.
>No mention of wireshark. Is netmon better?
OK, let's break this down ...
* Wireshark actually works well in Mac OS X 10.7 to do a wireless sniff, and in
fact our doc https://supportforums.cisco.com/docs/DOC-19212
gives some examples
* Wireshark also can be used in Linux to do a wireless sniff ... we decided not
to document anything in this area however, because there are so many variants of
Linux, not to mention driver issues.
* With Windows, however, Wireshark normally *can't* do a wireless sniff. The
exception is with the AirPcap adapters from Riverbed (nee CACE). (It would be
ideal if Wireshark could be enhanced to hook into the Windows 7 driver API for
promiscuous wireless ... but on the other hand, as Riverbed is a sponsor of
Thus, when it comes to "free" wireless sniffing in Windows 7, Netmon is the only
game in town. I'm not too thrilled about the user interface, but it does
usually work pretty well (modulo whatever the capabilities of the underlying
adapter may provide.)
Thanks for the feedback.