That's what I'd think - it's using different channels. I'll have to
give it a try.
ALthough according to the channels you have in there, you seem to
have channel hopping enabled. The first packet is on channel 8, the
next is on 6, etc...
On 12/01/2006, at 2:50 AM, Roelant Ossewaarde wrote:
Hi all,
I got my Aiport Extreme working pretty smoothly. Nice!
I have a question, but it might be related to pcap instead of kismac.
When I sniff on a network, I can only see partial one-way traffic. For example, here's an exerpt from a dump of a mock ftp-session I tried from another machine, while my Mac was listening in passively:
s.[.&...d.....default2.......................
10:29:06.542588 0us Beacon (ann) [1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] ESS CH: 8, PRIVACY
...A....d.....ann......$0Hl.........*../..2....`........
10:29:07.767884 0us Beacon (default2) [1.0* 2.0* 5.5 11.0 Mbit] ESS CH: 6
%.n.&...d.....default2.......................
10:29:07.859695 138us IP (tos 0x0, ttl 47, id 51710, offset 0, flags [none], length: 85) hostIPremoved.ftp > 192.168.11.106.32849: P [tcp sum ok] 393914223:393914256(33) ack 1217229273 win 17520 <nop,nop,timestamp 14 107030>
........E..U..../.=..{.f...j...Q.z.oH.q...DpK
.....
........331 Password required for (username removed).
[4 of:
%Ap.&...d.....default2.......................
10:29:07.970465 0us Beacon (default2) [1.0* 2.0* 5.5 11.0 Mbit] ESS CH: 6
]
&.v.&...d.....default2.......................
10:29:12.526677 Retry 314us Probe Response (default2) [1.0* 2.0* 5.5 11.0 Mbit] CH: 6
.m..&...d.....default2.................
10:29:16.938682 138us IP (tos 0x0, ttl 47, id 51896, offset 0, flags [none], length: 552) hostipremoved.56030 > 192.168.11.106.32850: . [tcp sum ok] 933474178:933474678(500) ack 1222666890 win 17520 <nop,nop,timestamp 5 0>
........E..(..../.;#.{.f...j...R7...H.j...Dp.......
........drwxrwxr-x 21 miep wheel 1024 Jun 14 2004 mysql-3.22.25
(and about 65535 other files)
In this session, I mistyped my password, gave the correct one and did `ls'. The session is not encrypted on the access point, and plaintext ftp / ftpd are used.
Why don't I see all the packets? Is this because some of them are sent on a different channel on which kissmac happens not to be listening? And why is it that I always seem to miss the tcp-packets that are being sent TO the accesspoint?
TIA, sorry if this is a faq I haven't found yet.
