In promiscuous mode, you will not see packets until you have associated. The need to associate means that you must have some measn of authenticating yourself with an access point. Promiscuous mode allows you to view all wireless packets on a network to which you have associated. Another aspect of monitor mode is that the NIC does not care whether the CRC values are correct for packets captured in monitor mode, so some packets that you see may in fact be corrupted. In fact transmiting is sometimes not possible while in monitor mode (driver dependent). This is desireable in that you can choose to "monitor" a specific channel, and you need never transmit any packets. Monitor mode enables a wireless nic to capture packets without associating with an access point or ad-hoc network. What is the difference betwen monitor and promiscuous mode? Monitor mode also seems to work, but I only get low level 802.11 traffic from various SSIDs around me. Using the ifconfig terminal command I can confirm that the interface has the PROMISC flag added to it while Wireshark is capturing, so I was expecting it to work. I still only see broadcast, mulitcast and unicast traffic to and from my laptop. Entering promiscuous mode in Wireshark seems to make no difference. The issue I'm encountering is when I try and use promiscuous mode to monitor WiFi traffic from my mobile phone. I'm assuming this is working correctly as I'm able to capture from the WiFi no problem. I've installed the Chmod script which gives me access to /dev/bpf*. It's the MacOS package from the Wireshark site. I'm using a MacBook Pro with OS 10.6.2 installed. > I'm attempting to use Wireshark to monitor WiFi traffic between my mobile phone and my local WiFi network. On Jan 6, 2010, at 12:58 PM, Daniel Briley wrote:
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |