Thread: [Aironet] True Aironet Sniffing on Linux
From: Andy B. <bal...@ci...> - 2000-06-21 00:47:01
I've been trying to sniff with an Aironet 340 using the latest drivers from Ben Reed's site, under RedHat 6.2. tcpdump will run, and show me packets, but all I see are broadcasts, packets sent to the sniffing PC, and packets sent from the sniffing PC. I do NOT see other traffic sent by another wireless PC that goes straight to the Access Point (unless of course I'm pinging the sniffer).

I have all the WEP & SSID set up correctly because the 2 PCs can communicate with each other.

Has anyone gotten true sniffing working, where you see everything that passes through the RF link?

Thanks,
Andy
From: Paul C. <castrop@CS.UCLA.EDU> - 2000-06-22 19:53:40
This is good to know -- I posted here about a month ago because I wanted to do some sniffing myself. I'm interested in extracting signal quality measures from all available STAs, APs, etc. that can be seen by my laptop.

I've started to modify the driver so I can send the card into monitor mode by setting the eth0/Config file ...I'd also like to print the MAC address of the "sniffed" device to the eth0/Status file (right now only the AP name is written, which in my environment is strangely left blank).

Question: when the packet is written into the socket buffer, what headers are available to the driver? Do I get the Receive Control Header + 802.11 + 802.3 for data packets? Or just 802.11 + 802.3?

Thanks for all the good info on this mailing list!

Paul
From: Bob E. <Rob...@an...> - 2000-06-21 00:57:01
Andy Balinsky wrote:
> I've been trying to sniff with an Aironet 340 using the latest drivers from
> Ben Reed's site, under RedHat 6.2. tcpdump will run, and show me packets,
> but all I see are broadcasts, packets sent to the sniffing PC, and packets
> sent from the sniffing PC. I do NOT see other traffic sent by another
> wireless PC that goes straight to the Access Point (unless of course I'm
> pinging the sniffer).
>
> I have all the WEP & SSID set up correctly because the 2 PCs can
> communicate with each other.
>
> Has anyone gotten true sniffing working, where you see everything that
> passes through the RF link?
>
> Thanks,
> Andy

The nature of the RTS/CTS protocol used in IEEE 802.11 makes the whole concept of "promiscuous" mode impossible. This is the main reason as to why these cards can't generally be used for "bridging" unless they are put into a special mode (e.g. Access Point mode).

Although it looks like Ethernet at the driver interface, what is happening at the radio side is not at all like classic Ethernet.

Sorry I can't provide a more encouraging reply to your query.

Cheers,
Bob Edwards.
From: Jim V. <jv...@ci...> - 2000-06-28 15:25:34
Any current deficiencies with packet sniffing under Linux are with the current drivers... (No fault of Ben's)

I have used the radios under msdos with a packet driver and easily sniffed a whole room full of traffic using FTP software's lanwatch. This showed all the multicasts, unicasts and broadcasts the card was able to receive. I was NOT seeing any 802.11 control packets - but that was probably due to a misconfiguration of the radio on my part - not that LW would know how to display them anyway...

Ever since the acquisition of Aironet by Cisco - more importance has been given to functionality under Linux. Before Aironet was acquired - there was only one person in the company really using our products under Linux that I know of - myself. (With the help of Ben's driver of course)

That has changed. There is a strong Unix/Linux culture at Cisco (Aironet was primarily Windows centric) and the powers that be have decided we needed onboard Linux support. A couple of months ago a developer was hired strictly for Linux development. He has been looking at Ben's driver and is working on making a derivative - with more functionality and lots of ioctl stuff....

I have talked to him about the desire for promiscuous mode support and he has assured me that it should not be a problem - but management has decided that his first priority is a GUI similar to Windows' "WinDGS" or "Aironet Client Utility" as it is called now.

The driver and utility are far from being even considered pre-alpha at this time - but when he has something ready for release we will make it available somewhere...

Jim

At 08:48 PM 6/20/00, Andy Balinsky wrote:
> I've been trying to sniff with an Aironet 340 using the latest drivers from
> Ben Reed's site, under RedHat 6.2. tcpdump will run, and show me packets,
> but all I see are broadcasts, packets sent to the sniffing PC, and packets
> sent from the sniffing PC. I do NOT see other traffic sent by another
> wireless PC that goes straight to the Access Point (unless of course I'm
> pinging the sniffer).
>
> I have all the WEP & SSID set up correctly because the 2 PCs can
> communicate with each other.
>
> Has anyone gotten true sniffing working, where you see everything that
> passes through the RF link?
>
> Thanks,
> Andy
From: Elmer J. <el...@yl...> - 2000-06-28 19:38:36
My driver does it, but as Aironet specs are crap at the point, you have to use proc interface to switch it on and then tcpdump. Unfortunately, to my current knowledge, the card needs a major kick to come out of sniffing mode. That's why it is not made automatic.

elmer.