Dear ALL,
I'm trying to sniff corrupted packets using Wireshark.
The test environment is:
- TX : Ubuntu OS, ath9k_htc driver, Wireshark promiscuous mode
- RX : Ubuntu OS, ath9k_htc driver, Wireshark promiscuous mode
- Sniffer : Ubuntu OS, ath9k_ar9003 driver, Wireshark monitor mode
I set the FCS (Frame Check Sequence) value to a wrong value to make corrupted packets.
Also, to capture corrupted packets, I disabled CRC check filtering on the sniffer machine.
Before I make corrupted packets, I can see TX<->RX communications (e.g. TCP/IP socket comm, ping req/rep).
Actually, the sniffer does not capture TX<->RX communications very well. They are captured intermittently.
Why can the sniffer sometimes not get packets from specific traffic? (Yes, other packets from other OSes/drivers are captured very well.)
Anyway, when I set the FCS value to a wrong value, the results are:
- TX :
  before FCS set : captures ping req/rep
  after FCS set 1. : captures ping request (no response)
  after FCS set 2. : stops ping request, captures ARP message (who has RX ip ? tell TX mac) repeatedly
- Sniffer :
  before FCS set : captures ping req/rep
  after FCS set 1. : nothing while TX captures ping req (no resp)
  after FCS set 2. : captures many 802.11 (RTS) packets from TX MAC to AP MAC (FCS/CRC incorrect)
I also tried to disable RTS on TX using 'iwconfig wlan_interface rts 2400' (I think it means to use RTS if the transmitted packet size is over 2400 bytes).
However, the results were no different.
How can I see corrupted packets (especially TCP/IP packets) in Wireshark?
If you are confused or need more information, please tell me.
Thanks.
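
An added example, not part of the original post: one way to check offline whether frames captured in monitor mode carry a bad FCS, by reading the radiotap Flags field and recomputing the CRC-32 over the 802.11 frame. The frames, MAC addresses and the helper names `check_frame` and `radiotap` are constructed for illustration; only the TSFT and Flags radiotap fields are decoded.

```python
import struct
import zlib

RT_HAS_FCS = 0x10  # radiotap Flags bit: captured frame includes the 4-byte FCS
RT_BAD_FCS = 0x40  # radiotap Flags bit: capture driver marked the FCS as bad

def fcs(mpdu: bytes) -> bytes:
    """802.11 FCS: CRC-32 over MAC header + body, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(mpdu) & 0xFFFFFFFF)

def check_frame(pkt: bytes) -> dict:
    """Parse a radiotap-prefixed frame and recompute its FCS.
    Only the TSFT and Flags radiotap fields are decoded (enough to reach Flags)."""
    if len(pkt) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, rt_len, present = struct.unpack_from("<BBHI", pkt, 0)
    if version != 0 or not 8 <= rt_len <= len(pkt):
        raise ValueError("not a radiotap capture")
    off, word = 8, present
    while word & 0x80000000:          # skip extended "present" bitmaps
        (word,) = struct.unpack_from("<I", pkt, off)
        off += 4
    if present & 0x1:                 # TSFT: 8 bytes, 8-byte aligned
        off = ((off + 7) & ~7) + 8
    flags = pkt[off] if present & 0x2 and off < rt_len else 0
    frame = pkt[rt_len:]
    result = {"has_fcs": bool(flags & RT_HAS_FCS),
              "driver_bad_fcs": bool(flags & RT_BAD_FCS),
              "fcs_ok": None}         # None: no FCS in the capture to verify
    if result["has_fcs"] and len(frame) >= 4:
        result["fcs_ok"] = fcs(frame[:-4]) == frame[-4:]
    return result

def radiotap(flags: int) -> bytes:
    """Constructed 9-byte radiotap header carrying only the Flags field."""
    return struct.pack("<BBHIB", 0, 0, 9, 0x2, flags)

# Constructed RTS frame: FC=0x00b4, duration, RA, TA (locally administered MACs).
RTS = bytes.fromhex("b400" "3a01" "020000000002" "020000000001")
GOOD = radiotap(RT_HAS_FCS) + RTS + fcs(RTS)
bad_trailer = bytes(b ^ 0xFF for b in fcs(RTS))   # deliberately wrong FCS
BAD = radiotap(RT_HAS_FCS | RT_BAD_FCS) + RTS + bad_trailer
NO_FCS = radiotap(0) + RTS

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD), ("no_fcs", NO_FCS)):
        print(name, check_frame(pkt))
```

A result of `fcs_ok: None` means the capture did not include the FCS at all, so a corrupted frame cannot be told apart from a valid one in that capture.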