At that point, I imagined I could see decoded MAC, but it seems not the case. I noticed in 802.11 preferences, I can set "Enable decryption". I am quite familiar with MAC level but I don't know anything about 802.11. I managed to enable monitor mode, and it works fine and with Wireshark I see all the packets on "my" channel. Just for my culture, if you like to answer: once 2 WiFi devices "know" themselves, do the packets between them travel "directly" or are them received and re-sent from the A.P.? In the first case I wonder how two devices too far away (but each one close enough to the A.P.) talk.! The downside is having to configure/manage two APs.įrom your words, I learned something I didn't even imagined: the adapter itself works as a "switch" and, of course, in that case Promiscuous is useless. This has the option of not needing to decrypt traffic, assuming you are using WPA2 on your wireless links. You could sniff the wire connecting the APs with a mirror port/tap/whatever, and get the data between the devices that way. Have a wireless client on one AP, and a wireless client on the second AP. Luckily, Wireshark does a fantastic job with display filters.Īnother option is two APs with a wired link in between. I realize you don't want everything, but with a wifi adapter in monitor + promiscuous mode, I think you will get everything and then it becomes a filter exercise to isolate what you want. To remove this filter, you want to put the adapter in monitor mode. You might find some exceptions, but all of the adapters I have used have this filter on by default. Imagine the WiFi adapter will filter out unicast frames not destined for your host, much as an ethernet bridge/switch will do. However, just like in a wired switch environment, if they are not at the interface promiscuous mode won't help. from the other devices under review) are available at the network interface - they would be passed up for analysis. Promiscuous mode is great if the actual ethernet frames you are looking for (i.e. I think you will need monitor AND promiscuous mode on the wifi adapter. I close Wireshark, i force the board in promiscuous mode, I restart Wireshark but I still see only broadcast.Īny suggestions for USB WiFi dongles with divers implementing promiscuous mode (Linux)? I see some other random messages from other devices.Ĭuriously, with ifconfig wlp3s0, I see the board is NOT in promiscuous mode once Wireshark is started. With all of them, I don't see all packets and it looks they fail to enter promiscuous mode: once I see the very first ARP-RQ, I don't see anything else between the two devices. I tried: Intel Link 5100 AGN Linksys Wireless-G Qualcomm Atheros AR928X Can you confirm promiscuous mode is NOT what I need? Yes, I red carefully (I hope) "WLAN (IEEE 802.11) capture setup" paragrph, but I am confused: I don't need to capture radio-level, I don't need to capture all SSID's but I need to see packets not directed to me. I do't need to trace at radio level, but I just need (want!) to see from Ethernet level, so I guess I simply need a WiFi card/adapter/dongle able to accept "promiscuous" mode. Hello, I need to trace between two WiFi devices, connected to the same A.P.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |