Discussion:
unable to see radiotap header
Aneeq Mahmood
2009-04-07 13:03:30 UTC
Permalink
HI
A brief info about my setup and my understanding:

I am running a Prism 2.5 card with HostAP driver on ubuntu. This card is
connected to my AP. The card is now in monitor mode and i have set the IEEE
802.11 radiotap filter to be present


A general query is that while i am in monitor mode (i am the only client to
my AP), i should only be receiving packets. This means that i should receive
any probe responses and beacons on the channel by my AP.

However, the results show that in the monitor mode i only received probe
requests with no radiotap header inside.
i looked around on the web and came across some screenshots of wireshark in
the appendix section of this file
http://etd.gsu.edu/theses/available/etd-11292006-224053/unrestricted/gupta_vaibhav_200612_ms.pdf
i never get anything like that :(

So, bottom line is i am monitoring my WLAN interface, have a filter of
"802.11 radiotap header is present" on, but i am only catching probe
requests from other devices and nothing from my own AP and no radiotap
header as well.

Any help will be appreciated to get radio tap headers.

regards
Guy Harris
2009-04-07 17:48:57 UTC
Permalink
Post by Aneeq Mahmood
I am running a Prism 2.5 card with HostAP driver on ubuntu. This
card is connected to my AP. The card is now in monitor mode and i
have set the IEEE 802.11 radiotap filter to be present
What do you mean by "the IEEE 802.11 radiotap filter"? Do you mean
you've used iwconfig, for example, to set the monitor-mode header to
the radiotap header?
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe
Aneeq Mahmood
2009-04-07 19:44:07 UTC
Permalink
Well i used
iwconfig wlan0 mode monitor

and what i was interested in looking radiotap header inside wireshark but i
hardly caught any packets despite having an Ap feets away.
the question hence is how to see radiotap header with wireshark :s
Post by Guy Harris
Post by Aneeq Mahmood
I am running a Prism 2.5 card with HostAP driver on ubuntu. This
card is connected to my AP. The card is now in monitor mode and i
have set the IEEE 802.11 radiotap filter to be present
What do you mean by "the IEEE 802.11 radiotap filter"? Do you mean
you've used iwconfig, for example, to set the monitor-mode header to
the radiotap header?
___________________________________________________________________________
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
?subject=unsubscribe
Guy Harris
2009-04-07 20:13:47 UTC
Permalink
Post by Aneeq Mahmood
Well i used
iwconfig wlan0 mode monitor
and what i was interested in looking radiotap header inside
wireshark but i hardly caught any packets despite having an Ap feets
away.
the question hence is how to see radiotap header with wireshark :s
That sounds like two problems:

1) not capturing many packets;

2) not seeing radiotap headers.

I can't address the first problem - that's probably either a driver
issue or an adapter issue.

For the second problem, you *might* have to set the "monitor_type"
parameter to 3. What version of the kernel are you using?
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe
Aneeq Mahmood
2009-04-07 20:43:49 UTC
Permalink
Well to be honest, i have never heard anything about setting "monitor type "

my kernel is 2.6.24-16 generic
Post by Guy Harris
Post by Aneeq Mahmood
Well i used
iwconfig wlan0 mode monitor
and what i was interested in looking radiotap header inside
wireshark but i hardly caught any packets despite having an Ap feets
away.
the question hence is how to see radiotap header with wireshark :s
1) not capturing many packets;
2) not seeing radiotap headers.
I can't address the first problem - that's probably either a driver
issue or an adapter issue.
For the second problem, you *might* have to set the "monitor_type"
parameter to 3. What version of the kernel are you using?
___________________________________________________________________________
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
?subject=unsubscribe
Guy Harris
2009-04-08 07:00:03 UTC
Permalink
Post by Aneeq Mahmood
my kernel is 2.6.24-16 generic
At least in the source to the 2.6.24.2 kernel I downloaded from
kernel.org, the hostap driver doesn't appear to support radiotap
headers. If that's the case, you will not be able to get radiotap
headers from your adapter, as the software doesn't support it.
("iwconfig wlan0 mode monitor" isn't guaranteed to turn on radiotap
headers - especially if the driver for the adapter is incapable of
generating radiotap headers; it just puts the adapter into monitor
mode, which might have no radio header, or might have the Prism or AVS
radio header rather than the radiotap header.)
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/***@public.gmane.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request-IZ8446WsY0/***@public.gmane.org?subject=unsubscribe
Loading...