There are drivers out there on Linux that have in the past, or currently, only support monitor mode (and not promiscuous mode) so only group traffic is sent up for collection. For wireless interfaces you need monitor mode as well to pick up unicast traffic from other devices then promiscuous mode to send it up the stack to be collected. Promiscuous mode on wireless interfaces is a little different than on wired interfaces.
Are the Packets somehow pre-filtered by the interface adapter or the kernel? And if yes, can this be circumvented? From everything i have read so far promiscuous mode "should" work, capturing all packets associated with AP's network. While one obvious solution might be to use a second wireless adapter on A dedicated to monitoring, I do not currently have access to one. Putting A's interface into monitor mode shows all expected packets as well as a lot of unneeded others, at the cost of being able to actually send any data.
I cannot seem to capture the intermediate (forwarded) packets.įurther testing showed that while in promiscuous mode client A does not seem to capture any unicast packets that do not originate or end at A. I would expect to receive 4 packets (ignoring the wireless Dot11 acks, etc.):īut all I get is a request from A -> B and a reply from B -> A. Suppose A sends an ICMP echo request to B.
0 kommentar(er)
