On Thu, 2013-07-11 at 13:08 +0100, José Miguel Gonçalves wrote: > Hi Luca, > > On 10-07-2013 21:27, Luciano Coelho wrote: > > I have a text console only system. I could put tcpdump on my system, but I think I > > can not monitor wireless traffic with it, or can I? > > tcpdump will probably not be enough. But since this stuff is *wireless* > > you can sniff from a different PC. If you have Linux PC, just plug in > > your TP-Link dongle in it, launch wireshark and you should be able to > > sniff (unencrypted) connections between other devices easily. > > > > I've setup my Linuc PC as a sniffer and yes I see a lot of of authentication > frames on the air when I try to associate with my open AP (Android phone). > > I've repeated the process with a TP-Link dongle and I see a clean 802.11 > association sequence. > > What I found strange is that I don't see "probe request" frames on the wl12xx > captured frames, it starts directly with an "authentication" frame, when with the > TP-Link dongle (ath9k_htc driver) the first frame sent by is a "probe request"! Usually the connection will start with a probe request, but if there is a response in the cache, we may skip it. In any case, this is probably happening because your sniffer is missing those frames (which again points to problems with RF). > I can provide the Wirehsark capture files. What is the best way to send them > through the mailing list? Cut only the portion that matters, so the file is small and gzip it. Small files can be sent as attachments to the list. -- Luca. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
