LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Wireless Networking (https://www.linuxquestions.org/questions/linux-wireless-networking-41/)
-   -   Wireshark in promiscuous mode (https://www.linuxquestions.org/questions/linux-wireless-networking-41/wireshark-in-promiscuous-mode-552033/)

TotalLinuxNoob 05-07-2007 03:11 PM
Wireshark in promiscuous mode
 
Trying to do some sniffing with wireshark in promiscuous mode but not having any luck. In my test environment there are 3 (protected) networks but when sniffing in promiscuous mode no packets are shown.
The wireless interface is set in promiscuous mode (using ifconfig eth1 promisc). This is using the BCM4318 wireless network adapter.

Sniffing my own network traffic works fine.

Any help appreciated.

2Gnu 05-07-2007 03:22 PM
Which driver - bcm43xx or ndiswrapper?

Does the one you're using (or either, for that matter) support promiscuous mode? Check, because you may be asking more of the device than it can deliver.

TotalLinuxNoob 05-07-2007 03:29 PM
According to the device manager (Advanced tab, info.linux.driver), ndiswrapper.
I'll have a google to find out whether it supports it.
According to this page http://ubuntuforums.org/showthread.php?t=197102 the ndiswrapper driver does not support promiscuous mode but the native driver does. The native driver is included with Ubuntu 7.04.
I have not gotten the native driver to work myself so Im stuck with the ndiswrapper driver. Ah, well. Thanx for your help.

2Gnu 05-07-2007 04:02 PM
Quote:
Originally Posted by TotalLinuxNoob
AWhere do I start making sure it uses the native driver?

EDIT: read the how to.
That's a good place to start. ;)

There are several good thread in this forum about the bcm43xx and ndiswrapper.

In simple terms, you'll:

Remove the driver you don't want with modeprobe -r <module_name>
Blacklist the unwanted driver by editing the blacklist file (/etc/modprobe.d/blacklist on my machine).
Use the fwcutter tool to extract the firmware for your card from the Windows driver and copy it to /liblfirmware.
Modprobe the bcm43xx module.

TotalLinuxNoob 05-08-2007 03:38 PM
Thanks for your help. I won't be going back to this for a while since I need the wifi driver for daily use and I rather use the ndiswrapper one because it supports 54Mbit. I did have a shot at uninstalling the ndiswrapper driver and installing the native driver but it didn't look like it loaded. Probably because ndiswrapper itself was still loading on bootup but with the driver uninstalled. "Upping" eth1 atleast threw a non existent interface error.
In winblows promiscuous mode didn't work either but that's prob due to the win driver not supporting promisc mode anyhow. That would figure ndiswrapper not working for promisc. mode.

TotalLinuxNoob 06-20-2007 02:58 PM
I got the FOSS driver installed and set the card to promiscuous mode
Code:
eth1      Link encap:Ethernet  HWaddr
          UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:16 overruns:0 frame:0
          TX packets:1071 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:50042 (48.8 KiB)
          Interrupt:11 Base address:0x4000
Yet wireshark will not capture anything in promiscuous mode.
Link layer header type specifies Ethernet which obviously does not apply to wifi networks but the only other option is Data over Cable service Interface spec which crashes Wireshark.


All times are GMT -5. The time now is 08:45 PM.