Ethereal-users: Re: [Ethereal-users] Promiscous mode sniffing issue

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Vijay Shyamasundar Shyamasundar <vijayshyamasundar@xxxxxxxxx>
Date: Thu, 1 Dec 2005 11:04:31 -0500
Sir,

Thanks a lot for getting back to me.

I am sorry about the attachment thing. Once, I explained my testbed in words and then explained my problem, and nobody got back to me. Probably, it was too big for people to get back to me. This time, to keep it small, I used this attachment funda. Sorry about it though.

The OS I'm using is Fedora Core 3. My sniffer is also configured as a bridge. Whatever the wireless card sees, we are grabbing it and sending it to our network analyzer over the ETH interface by changing the destination MAC address using ebtables. If I put the card in monitor mode, we won't be able to get this to work. Is there any workaround for this situation?

Regards,
Vijay

On 11/30/05, Guy Harris <gharris@xxxxxxxxx> wrote:
Vijay Shyamasundar Shyamasundar wrote:

> I'm a master's student at Towson University. I have attached a doc file
> explaining my issues. I had to do this to send you the testbed diagram I
> have.

That's true only if

   1) you needed to send that diagram - i.e., you couldn't describe the
network in text form;

   2) you couldn't type the diagram in as "ASCII art";

   3) you couldn't save it in some format such as GIF format and attach
it to that message.

The *text* of the message clearly did *not* need to be done in Word format.

Fortunately, I happen to have handy a program that can read Word
documents; here's my attempt at describing the network (BTW, the text in
the diagram is *REALLY* hard to read here, and zooming made the diagram
disappear; hopefully, I'll get the text right):

There's an access point, with the IP address 192.168.0.2, for the "vowlan"
network.  There are three machines associated with that network:

   wireless STA1, with the IP address 192.168.0.10;

   wireless STA2, with the IP address 192.168.0.11;

   the sniffer.

The access point is connected via Ethernet to a switch; another machine
attached to that switch is Ethernet STA, with the IP address 192.168.0.12.

Now for the text of your message:

> I'm using the above network testbed for some VOIP testing. Softphones
> are installed on the stations (STAs). The wireless sniffer is in
> promiscuous mode and is seeing the vowlan network.
>
> While making calls from wireless STA1 to Wireless STA2, sniffer can see
> both the streams from 192.168.0.10 -> 192.168.0.11 and 192.168.0.11 ->
> 192.168.0.10
>
> While making calls from wireless STA1 to Ethernet STA, I can only see
> the ETH to wireless i.e. 192.168.0.12 -> 192.168.0.10 stream. I CANNOT
> see 192.168.0.10 -> 192.168.0.12 stream while sniffing the same way as I
> did in wireless to wireless case above.
>
> My understanding is, my wireless card in promiscuous mode (sniffer)
> should have seen those packets when the wireless STA1 sent it to AP.
> But, this doesn't seem to work that way.

What OS is the sniffer running?

> My observation is, whenever AP is sending out packets on the wireless
> interface, the sniffer can see it. In wireless to wireless case, the
> sniffer can see both streams b'coz
>
> Packet goes from Wireless STA1 to AP, then AP sends it out to Wireless
> STA2, our sniffer gets it.
> The other stream works the same way and sniffer gets it.
> However, in case of wireless STA1 sending to Ethernet STA, packet from
> wireless STA1 goes to AP, then AP sends it out on its ETH interface,
> hence my wireless card in promiscuous mode cannot see it going on eth
> interface of AP.
>
> My question is, why can't my sniffer see the packet from wireless STA1 to
> AP? I have checked there are no filters set on ethereal. Somebody please
> explain

As you note, it *might* be that, in promiscuous mode, the adapter supplies
to the host only packets sent *by* the AP, not packets sent *to* the AP,
so that you don't get *two* copies of a packet that goes from a station to
the AP and then from the AP to the destination station.

If that's the case, sniffing in promiscuous mode won't help.  You might be
able to do it in "monitor mode", if the wireless adapter and its driver
(and the OS framework into which the driver fits) support that.  See

   http://wiki.ethereal.com/CaptureSetup/WLAN

for information on how this is done on various OSes.  (I don't know
whether that'll do the job, however.)

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
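
The following is an added example, not part of the original thread or of Ethereal. It classifies 802.11 data frames by their To-DS/From-DS bits and shows that a capture holding only AP-transmitted frames reproduces the symptom described above. It assumes raw 802.11 headers as a monitor-mode capture would supply them (radiotap already stripped); the MAC addresses and frames are constructed.

```python
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_data_frame(frame):
    """Return (hop, src, dst) for an infrastructure 802.11 data frame, else None.
    Assumes the bytes start at the 802.11 MAC header (radiotap already stripped)."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:   # type 2 = data
        return None
    to_ds, from_ds = frame[1] & 0x01, frame[1] & 0x02
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds and not from_ds:        # station -> AP: a1=BSSID, a2=SA, a3=DA
        return ("to-AP", mac(a2), mac(a3))
    if from_ds and not to_ds:        # AP -> station: a1=DA, a2=BSSID, a3=SA
        return ("from-AP", mac(a3), mac(a1))
    return None                      # ad hoc or WDS, not used in this testbed

def hops_per_flow(frames):
    """Map (src, dst) -> set of radio hops on which that flow was captured."""
    flows = defaultdict(set)
    for f in frames:
        parsed = parse_data_frame(f)
        if parsed:
            hop, src, dst = parsed
            flows[(src, dst)].add(hop)
    return dict(flows)

def build(to_ds, a1, a2, a3):
    """Constructed sample frame: 24-byte data header, no payload."""
    return bytes([0x08, 0x01 if to_ds else 0x02]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"

# Constructed MAC addresses standing in for the testbed's hosts.
AP, STA1, STA2, ETH = (bytes.fromhex("0200000000" + n) for n in ("02", "10", "11", "12"))
ON_AIR = [
    build(True, AP, STA1, STA2),    # STA1 -> AP, destined for STA2
    build(False, STA2, AP, STA1),   # AP -> STA2, relayed from STA1
    build(True, AP, STA1, ETH),     # STA1 -> AP, destined for Ethernet STA
    build(False, STA1, AP, ETH),    # AP -> STA1, relayed from Ethernet STA
]
# Hypothesised adapter behaviour: only frames transmitted by the AP are delivered.
AP_ONLY = [f for f in ON_AIR if parse_data_frame(f)[0] == "from-AP"]

if __name__ == "__main__":
    for name, cap in (("all frames", ON_AIR), ("AP-sent only", AP_ONLY)):
        print(name, hops_per_flow(cap))
```

With all four frames, the STA1-to-Ethernet flow appears only on the "to-AP" hop; once those frames are dropped, that flow vanishes from the capture while both wireless-to-wireless directions remain visible.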