> -----Original Message-----
> From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
> Sent: Wednesday, December 31, 2003 3:44 PM
>
> On Wed, Dec 31, 2003 at 03:09:20PM +0800, Ow Mun Heng wrote:
> > RH9
> > Ethereal 0.9.15
> > Linux 2.4.23
> >
> >
> > Having some issues with sniffing 802.11 networks. Currently
> I do not see
> > any traffic other than my own.
>
> What 802.11 card are you using?
Netgear MA401-RA
hostap_cs drivers
Also tried with intel pro/wireless 2100 using ndiswrapper
>
> > I'm not sure if it's because the AP is acting as a switch or a hub.
> > Prior to this, like a month back, I was able to sniff traffic going
> > through the AP.
>
> Have you changed either the kernel or the 802.11 card?
Kernel has been changed.. was using 2.4.22-ac4 back then.. I believe it was
using wireless.h version 15
Now changed to kernel 2.4.23 which I believe is using wireless.h version 16
iwconfig is compiled using wireless.h version 16
>
> Are you capturing in promiscuous mode or monitor mode?
>
Promiscuous mode.
Tried using iptraf also no joy.
Funny thing, if I were to use ettercap to arpspoof 1 add to the gateway, I
will be able to get traffic from that machine. (but again, this is spoofing,
What I want is to determine traffic flow. ip traffic flow)
If you think it could be a kernel change issue, I will boot back into my old
kernel and see the effects.
Again, since this is 802.11 traffic, everything's in the air. I should be
able to
sniff it right? The logic's right, right? Otherwise, why would I hear about
'secure your APs' and 'warchalking'...
Thanks
OW