0

I have a laptop running Wireshark. I'd like to find out how to configure wireshark to capture Magic Packets.

I have selected the interface, options, Capture filter, host 192.168.168.19 , Ok, Start on the laptop.

Laptop is IP 192.168.168.14. I want to start up a PC at 192.168.168.19.

I have a program that sends out the Magic Packets called WON Magic Packet Sender. I run it and select send. I don't see anything captured in Wireshark. I have another program called VNC control. I select Wake Up. I get a message saying The WakeUp signal is sent. I still don't get anything captured in Wireshark. I remove the capture filter in Wireshark. I start the capture. I get everything on the network. I add a filter:

ip.src == 192.168.168.19 and ip.dst == 192.168.168.19

I get nothing captured after running both programs.
I removed the last filter and added a new filter:

ip.addr == 192.168.168.19

I get nothing captured after running both programs.

How can I configure Wireshark to capture the magic packets?

Josh Darnell
  • 11,304
  • 9
  • 38
  • 66
Docfxit
  • 137
  • 3
  • 6
  • 15
  • 1
    I don't think that this is a question stackoverflow deals with. –  Nov 11 '12 at 19:39
  • Wake-on-LAN uses raw Ethernet protocol, not IP. So if you filter on the IP address, you won't see it, since there's no IP header in the packet. See http://en.wikipedia.org/wiki/Wake-on-LAN – Barmar Nov 11 '12 at 20:04
  • Um: The referenced Wikipedia article actually says: "Since the magic packet is only scanned for the string above, and not actually parsed by a full protocol stack, it may be sent as any network- and transport-layer protocol, although it is typically sent as a UDP datagram to port 7 or 9, or directly over Ethernet as EtherType 0x0842". So: the packet *could* have an IP header and, if so, the ip destination address might be 255.255.255.255 – willyo Nov 12 '12 at 02:34

1 Answers1

0

Given the definition of the WON frame pattern (and not knowing how it is encapsulated), I would expect a display filter like the following to work:

frame contains ff:ff:ff:ff:ff:ff:mm:mm:mm:mm:mm:mm

where mm:mm:mm:mm:mm:mm is the MAC address of the destination PC (the one to which the WON messge is being sent).

willyo
  • 961
  • 7
  • 9