LinuxQuestions.org
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Old 05-07-2007, 03:11 PM   #1
TotalLinuxNoob
Member
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 109

Rep: Reputation: 15
Wireshark in promiscuous mode


Trying to do some sniffing with wireshark in promiscuous mode but not having any luck. In my test environment there are 3 (protected) networks but when sniffing in promiscuous mode no packets are shown.
The wireless interface is set in promiscuous mode (using ifconfig eth1 promisc). This is using the BCM4318 wireless network adapter.

Sniffing my own network traffic works fine.

Any help appreciated.
 
Old 05-07-2007, 03:22 PM   #2
2Gnu
Senior Member
 
Registered: Jan 2002
Location: Southern California
Distribution: Slackware 14.0
Posts: 1,874

Rep: Reputation: 49
Which driver - bcm43xx or ndiswrapper?

Does the one you're using (or either, for that matter) support promiscuous mode? Check, because you may be asking more of the device than it can deliver.
 
Old 05-07-2007, 03:29 PM   #3
TotalLinuxNoob
Member
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 109

Original Poster
Rep: Reputation: 15
According to the device manager (Advanced tab, info.linux.driver), ndiswrapper.
I'll have a google to find out whether it supports it.
According to this page http://ubuntuforums.org/showthread.php?t=197102 the ndiswrapper driver does not support promiscuous mode but the native driver does. The native driver is included with Ubuntu 7.04.
I have not gotten the native driver to work myself so I'm stuck with the ndiswrapper driver. Ah, well. Thanx for your help.

Last edited by TotalLinuxNoob; 05-07-2007 at 04:04 PM.
 
Old 05-07-2007, 04:02 PM   #4
2Gnu
Senior Member
 
Registered: Jan 2002
Location: Southern California
Distribution: Slackware 14.0
Posts: 1,874

Rep: Reputation: 49
Quote:
Originally Posted by TotalLinuxNoob
Where do I start making sure it uses the native driver?

EDIT: read the how to.
That's a good place to start.

There are several good threads in this forum about the bcm43xx and ndiswrapper.

In simple terms, you'll:

Remove the driver you don't want with modprobe -r <module_name>
Blacklist the unwanted driver by editing the blacklist file (/etc/modprobe.d/blacklist on my machine).
Use the fwcutter tool to extract the firmware for your card from the Windows driver and copy it to /lib/firmware.
Modprobe the bcm43xx module.
 
Old 05-08-2007, 03:38 PM   #5
TotalLinuxNoob
Member
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 109

Original Poster
Rep: Reputation: 15
Thanks for your help. I won't be going back to this for a while since I need the wifi driver for daily use and I'd rather use the ndiswrapper one because it supports 54Mbit. I did have a shot at uninstalling the ndiswrapper driver and installing the native driver but it didn't look like it loaded. Probably because ndiswrapper itself was still loading on bootup but with the driver uninstalled. "Upping" eth1 at least threw a nonexistent interface error.
In winblows promiscuous mode didn't work either but that's prob due to the win driver not supporting promisc mode anyhow. That would figure ndiswrapper not working for promisc. mode.
 
Old 06-20-2007, 02:58 PM   #6
TotalLinuxNoob
Member
 
Registered: Apr 2005
Distribution: Ubuntu
Posts: 109

Original Poster
Rep: Reputation: 15
I got the FOSS driver installed and set the card to promiscuous mode
Code:
eth1      Link encap:Ethernet  HWaddr 
          UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:16 overruns:0 frame:0
          TX packets:1071 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:50042 (48.8 KiB)
          Interrupt:11 Base address:0x4000
Yet wireshark will not capture anything in promiscuous mode.
Link layer header type specifies Ethernet which obviously does not apply to wifi networks but the only other option is Data over Cable service Interface spec which crashes Wireshark.
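
The two questions this thread keeps returning to (which driver is bound to the interface, and whether the PROMISC flag is set while the RX counter stays at zero, as in post #6) can be read directly from sysfs. The script below is an added example, not part of any post in the thread; `SYSFS_ROOT` is a hypothetical override introduced here so the functions can be run against a constructed directory tree, and the interface name is whatever you pass in.

```shell
#!/bin/sh
# Added example: read interface state from sysfs instead of eyeballing ifconfig.
# SYSFS_ROOT is a hypothetical override (defaults to /sys) so the functions
# can be exercised against a constructed directory tree.

IFF_PROMISC=256   # 0x100 in <linux/if.h>

net_dir() { echo "${SYSFS_ROOT:-/sys}/class/net/$1"; }

# Print the name of the kernel driver bound to the interface.
iface_driver() {
    link="$(net_dir "$1")/device/driver"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# Succeed if the interface flags (a hex value such as 0x1103) include IFF_PROMISC.
iface_promisc() {
    flags=$(cat "$(net_dir "$1")/flags" 2>/dev/null) || return 2
    [ $(( $flags & IFF_PROMISC )) -ne 0 ]
}

# Summarise driver, promiscuous flag, and whether any frame was received.
diagnose() {
    drv=$(iface_driver "$1") || drv=unknown
    rx=$(cat "$(net_dir "$1")/statistics/rx_packets" 2>/dev/null) || rx=0
    if ! iface_promisc "$1"; then
        echo "driver=$drv promisc=off rx_packets=$rx"
    elif [ "$rx" -eq 0 ]; then
        echo "driver=$drv promisc=on rx_packets=0 (flag set, nothing delivered)"
    else
        echo "driver=$drv promisc=on rx_packets=$rx"
    fi
}

# Usage: sh script.sh eth1
if [ $# -gt 0 ]; then diagnose "$1"; fi
```

A set flag with a zero RX counter means the capture tool is being handed nothing by the driver, so the place to look is the driver and its capture mode rather than Wireshark's settings.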
 
  

