I'm trying to capture WiFi packets between a Windows 10 machine (client) and a
Linux controller (AP) using 802.11b/g/n in the 2.4GHz range on channel 1. I'm
running an iperf3 test between the client and the AP. I can capture traffic,
but the capture doesn't seem to collect nearly as much data as is passing
between the client and AP. Do I have something set up wrong?
I've got an Alfa AWUS036NEH USB WiFi adapter on a separate laptop booted into
Kali Linux (2019.3). I start the adapter in monitor mode using the following
commands, and start netsniff-ng. The details are in the attached text file.
root@kali:~# airmon-ng check kill
root@kali:~# airmon-ng start wlan1
root@kali:~# iw wlan1mon set channel 1 HT20
root@kali:~# netsniff-ng --in wlan1mon --out dump.pcap --silent --bind-cpu 1
iperf3 reports tens of MB being transferred during the recording (5 MBytes per
second), but the dump.pcap file is less than 1 MB. It doesn't seem that
everything is being recorded. Is the data being stripped out? I'm not
specifying a filter.
root@kali:~# iw dev
phy#1
Interface wlan1
ifindex 4
wdev 0x100000001
addr 76:38:50:b4:7a:4f
type managed
txpower 20.00 dBm
phy#0
Unnamed/non-netdev interface
wdev 0x2
addr 28:16:ad:c9:9d:61
type P2P-device
txpower 0.00 dBm
Interface wlan0
ifindex 3
wdev 0x1
addr 82:d4:86:49:73:24
type managed
txpower 0.00 dBm
multicast TXQ:
qsz-byt qsz-pkt flows drops marks overlmt hashcol
tx-bytes tx-packets
0 0 0 0 0 0 0
0 0
root@kali:~# airmon-ng check kill
Killing these processes:
PID Name
1105 wpa_supplicant
root@kali:~# airmon-ng start wlan1
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wireless 8260 (rev 3a)
phy1 wlan1 rt2800usb Ralink Technology, Corp. RT2870/RT3070
Failed to set wlan1mon up using ip
(mac80211 monitor mode vif enabled for [phy1]wlan1 on
[phy1]wlan1mon)
(mac80211 station mode vif disabled for [phy1]wlan1)
root@kali:~# iw dev
phy#1
Interface wlan1mon
ifindex 5
wdev 0x100000002
addr 00:c0:ca:95:fa:30
type monitor
txpower 20.00 dBm
phy#0
Interface wlan0
ifindex 3
wdev 0x1
addr 82:d4:86:49:73:24
type managed
txpower 0.00 dBm
multicast TXQ:
qsz-byt qsz-pkt flows drops marks overlmt hashcol
tx-bytes tx-packets
0 0 0 0 0 0 0
0 0
root@kali:~# airmon-ng stop wlan1mon
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wireless 8260 (rev 3a)
phy1 wlan1mon rt2800usb Ralink Technology, Corp. RT2870/RT3070
(mac80211 station mode vif enabled on [phy1]wlan1)
(mac80211 monitor mode vif disabled for [phy1]wlan1mon)
root@kali:~# airmon-ng start wlan1
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wireless 8260 (rev 3a)
phy1 wlan1 rt2800usb Ralink Technology, Corp. RT2870/RT3070
(mac80211 monitor mode vif enabled for [phy1]wlan1 on
[phy1]wlan1mon)
(mac80211 station mode vif disabled for [phy1]wlan1)
root@kali:~# iw dev
phy#1
Interface wlan1mon
ifindex 7
wdev 0x100000004
addr 00:c0:ca:95:fa:30
type monitor
channel 10 (2457 MHz), width: 20 MHz (no HT), center1: 2457 MHz
txpower 20.00 dBm
phy#0
Interface wlan0
ifindex 3
wdev 0x1
addr 82:d4:86:49:73:24
type managed
txpower 0.00 dBm
multicast TXQ:
qsz-byt qsz-pkt flows drops marks overlmt hashcol
tx-bytes tx-packets
0 0 0 0 0 0 0
0 0
root@kali:~# iw wlan1mon set channel 1 HT20
root@kali:~# netsniff-ng --in wlan1mon --out dump.pcap --silent --bind-cpu 1
Running! Hang up with ^C!
0 packets incoming (0 unread on exit)
0 packets passed filter
0 packets failed filter (out of space)
20 sec, 428739 usec in total
***Unplugged and re-plugged the Alfa WiFi adapter that was wlan1
root@kali:~# iw dev
phy#2
Interface wlan1
ifindex 8
wdev 0x200000001
addr 00:c0:ca:95:fa:30
type managed
txpower 0.00 dBm
phy#0
Interface wlan0
ifindex 3
wdev 0x1
addr 82:d4:86:49:73:24
type managed
txpower 0.00 dBm
multicast TXQ:
qsz-byt qsz-pkt flows drops marks overlmt hashcol
tx-bytes tx-packets
0 0 0 0 0 0 0
0 0
root@kali:~# airmon-ng start wlan1
PHY Interface Driver Chipset
phy0 wlan0 iwlwifi Intel Corporation Wireless 8260 (rev 3a)
phy2 wlan1 rt2800usb Ralink Technology, Corp. RT2870/RT3070
(mac80211 monitor mode vif enabled for [phy2]wlan1 on
[phy2]wlan1mon)
(mac80211 station mode vif disabled for [phy2]wlan1)
root@kali:~# iw wlan1mon set channel 1 HT20
root@kali:~# iw dev
phy#2
Interface wlan1mon
ifindex 9
wdev 0x200000002
addr 00:c0:ca:95:fa:30
type monitor
channel 1 (2412 MHz), width: 20 MHz, center1: 2412 MHz
txpower 20.00 dBm
phy#0
Interface wlan0
ifindex 3
wdev 0x1
addr 82:d4:86:49:73:24
type managed
txpower 0.00 dBm
multicast TXQ:
qsz-byt qsz-pkt flows drops marks overlmt hashcol
tx-bytes tx-packets
0 0 0 0 0 0 0
0 0
root@kali:~# netsniff-ng --in wlan1mon --out dump.pcap --silent --bind-cpu 1
Running! Hang up with ^C!
9349 packets incoming (11 unread on exit)
9360 packets passed filter
0 packets failed filter (out of space)
0.0000% packet droprate
15 sec, 431698 usec in total
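An added example, not part of the original post or of netsniff-ng: a pre-flight check that the monitor interface is tuned to the channel under test, and a post-capture estimate of how many frames per second were captured versus what the iperf3 rate implies. The function names are hypothetical, and the 1448-byte payload per frame and 5 MBytes = 5 x 2^20 bytes are assumptions.

```shell
# Added example: checks around the monitor-mode capture procedure above.

# Print "<type> <channel> <width-MHz>" for interface $1 from `iw dev` output on stdin.
# Channel and width are "-" when iw shows no channel line for that interface.
mon_state() {
  awk -v want="$1" '
    index($1, "phy#") == 1 || $1 ~ /^Unnamed/ { if (hit) exit; next }
    $1 == "Interface" { if (hit) exit; hit = ($2 == want); next }
    hit && $1 == "type" { type = $2 }
    hit && $1 == "channel" {
      chan = $2
      for (i = 1; i < NF; i++) if ($i == "width:") width = $(i + 1)
    }
    END { if (type != "") print type, (chan == "" ? "-" : chan), (width == "" ? "-" : width) }'
}

# Exit 0 only if interface $1 is in monitor mode and tuned to channel $2.
check_monitor() {
  mon_state "$1" | awk -v ch="$2" '{ ok = ($1 == "monitor" && $2 == ch) } END { exit !ok }'
}

# From netsniff-ng's exit summary on stdin, print "<captured fps> <expected fps> <percent>".
# $1 = payload bytes/s reported by iperf3, $2 = assumed payload bytes per data frame.
# Rough estimate: ignores ACKs, retries, aggregation and unrelated frames on the channel.
capture_coverage() {
  awk -v bps="$1" -v per="$2" '
    /packets incoming/ { pkts = $1 }
    /usec in total/    { secs = $1 + $3 / 1000000 }
    END {
      if (secs <= 0) exit 1
      got = pkts / secs; want = bps / per
      printf "%d %d %d\n", got, want, 100 * got / want
    }'
}

# Sample input abridged from the log in the post above.
IW_OK='phy#2
Interface wlan1mon
type monitor
channel 1 (2412 MHz), width: 20 MHz, center1: 2412 MHz
phy#0
Interface wlan0
type managed'
SUMMARY='9349 packets incoming (11 unread on exit)
15 sec, 431698 usec in total'

printf '%s\n' "$IW_OK" | check_monitor wlan1mon 1 && echo "wlan1mon: monitor, channel 1"
printf '%s\n' "$SUMMARY" | capture_coverage 5242880 1448   # assumed rate and segment size
```

On a live system, pipe `iw dev` into `check_monitor` before starting netsniff-ng and feed its exit summary to `capture_coverage` afterwards.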