No announcement yet.

problem with wireless sniffing

  • Filter
  • Time
  • Show
Clear All
new posts

  • problem with wireless sniffing

    I am having a problem sniffing wireless packets on my home network. I recently put Auditor on one of my older laptops (a Gateway Solo) and hooked up my Orinoco card (8470-WD) to it. All programs seemed to work fine (Kismet, Wellenreiter, etc), except for when I tried to sniff wireless traffic. I can see all traffic originating from the WAP, but no traffic destined for the WAP, i.e., if client A pings the AP, all I will see is the ICMP replys from the AP, but not the requests sent by client A. I did some testing and it seems that I can also see all traffic between clients just fine (client A pings client B and I can see all requests/replys). So, for some reason, I am not picking up any traffic that is destined for my WAP. I tried several different sniffers including tcpdump and ethereal, and all clients and the AP are within a 20 foot radius of each other. Anyone have any ideas?

  • #2
    your rules are screwed up. Use tcpdump instead. Here's a quick way to get an assload of data, to insure everything is working OK

    tcpdump -i wi0 -nnvvvXs 0
    that should get you everything you need
    "Never Underestimate the Power of Stupid People in Large Groups"


    • #3
      Hmmm...tried tcpdump using those options, still have the same problem.


      • #4
        Just a suggestion, you might want to check out the NetStumbler forums, they usually pretty helpful in matters such as this. NetStumbler Forums
        Aut disce aut discede


        • #5
          Well, I actually posted to the Netstumbler forum first, but still no luck. I have found what the problem is, I just don't know why it is. I noticed a high number of Rx invalid nwid's listed under iwconfig and a quick test confirmed that all packets being sent to my AP are being seen as having invalid network IDs, which would explain why they aren't showing up in tcpdump. But, I have no idea why it would see them as invalid since both laptops are associated with the AP and can ping each other as well.

          I also don't think this is a software error, as I booted up to a WHAX cd and tried switching to a few different drivers as well, but still had the same problem.

          A quick google only came up with the problem being related to preamble length settings on the router, but I have tried both long and short preambles with no change. If anyone has any idea would cause certian packets to be seen as not being on the same wireless network, it would be a great help.


          • #6
            I like kismet for this very reason, logging to .dump files for inspection later, if I need real time tcpdump has never failed.
            I would like to meet a 1 to keep my 0 company.