[clug] monitor mode after association
Paul TBBle Hampson
Paul.Hampson at Pobox.com
Tue Nov 7 09:14:28 GMT 2006
On Wed, Nov 08, 2006 at 04:45:49AM +1100, chris wrote:
> I can put my card into promiscuous mode through Ethereal as it has an
> option in 'Interface' section. But this way I get a lot less
> packets(mainly DNS query and smb stuff) than if I were to put my card
> into monitor mode. Even though monitor mode lets you capture a lot
> more packets, those packets aren't particularly useful unless the
> network is unencrypted, e.g. the ANU wireless network.
> It looks like promiscuous mode under managed mode isn't the same thing
> as monitor mode for a simple reason the latter gets you more packets.
I would expect that a WPA2-protected wireless network will actually have
a unique key between each associated STA and the AP. So like promiscuous
mode on an ethernet device attached to a switch, promiscuous mode on
such a wireless network will only show you traffic that was already
destined for you, plus broadcast traffic and maybe traffic for which the
AP doesn't know where to send it.
I _believe_ I saw an option in an AP's config once to disable pairwise
keys and use only the group key, which would make promiscuous mode
operate successfully.
Otherwise, you won't even have the key to decrypt the non-for-you
packets you see floating past in monitor mode.
(I could be wrong here, but that's how I recall it operating for
WPA2... I think it was one of the things that keeps older cards
only able to do WPA with a firmware upgrade, lack of support for
multiple simultaneous keys...)
--
-----------------------------------------------------------
Paul "TBBle" Hampson, B.Sc, LPI, MCSE
On-hiatus Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson at Pobox.Com
Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
-- Kristian Wilson, Nintendo, Inc, 1989
License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20061107/7de021ee/attachment.bin
More information about the linux
mailing list