[clug] monitor mode after association
Ian
darkstarsword at gmail.com
Tue Nov 7 07:19:26 GMT 2006
Hey Chris,
Basically, monitor mode will capture every packet on the current
channel (and the occasional packet from neighbouring channels in 11b/g
but not 11a), while promiscuous mode captures every packet on the
current associated network (ie, after the WiFi has become
transparent). Also, monitor mode will also allow you to examine the
extra wifi headers on every packet that is usually removed before the
packet is even passed onto the kernel (Monitor mode essentially
bypasses the usual processing that occurs in the card/firmware/driver
related to the network ID filtering and disables stripping the wifi
headers, similar to how promiscuous mode bypasses the cards MAC
filtering).
Monitor and Managed modes are mutually exclusive by definition (the
kernels network stack code doesn't know what to do with the extra
headers you get in monitor mode).
Some drivers provide a method that will allow you to put the card into
both modes simultaneously by use of virtual interfaces - I don't know
how this would be achieved on your specific card (or if it is even
possible), check your drivers documentation.
On mine (madwifi drivers for atheros chipset which does all of this
processing in the driver, as opposed to the firmware/card) this is
achieved with the wlanconfig utility to create a new virtual interface
in monitor mode: wlanconfig ath1 create wlandev wifi0 wlanmode monitor
(so ath0 is in managed while ath1 is in monitor and wifi0 represents
the physical card). Older madwifi created the second interface by echo
1 > /proc/sys/dev/ath0/rawdev && ifconfig ath0raw up.
If it isn't possible on your card you could always use a second card
so one can be in monitor while the other is in managed, or maybe look
into some kernel network stack hack to allow it to process, or at
least strip, the monitor headers at that level (be aware that
different wifi chipsets produce different headers though).
-Ian
On 07/11/06, Christopher Zhang <u4123459 at anu.edu.au> wrote:
> Hi list,
>
> I am trying to put my Intel 3945 wireless card into monitor mode to
> work with ethereal in my own WPA2 encrypted network, it seems that
> the card will automatically change back to managed mode after
> associating to the AP. This makes it impossible to stay at
> promiscuous mode for packets collection. However the card will stay
> at monitor mode if I didn't try to associate it with the AP, but
> that's pretty much useless as all packets I can see are encrypted and
> appear in ethereal under protocol 802.11.
>
> Does anyone have a better idea to put a wireless card stay at monitor
> mode after association in a WPA encrypted network?
>
> Thanks
>
> Chris
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
--
On the day *I* go to work for Microsoft, faint oinking sounds will be
heard from far overhead, the moon will not merely turn blue but
develop polkadots, and hell will freeze over so solid the brimstone
will go superconductive.
-- Erik Raymond, 2005
--
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
More information about the linux
mailing list