[kismac] One-way traffic only?

  • From: Roelant Ossewaarde <miep@xxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Wed, 11 Jan 2006 11:20:19 -0500

Hi all,

I got my Airport Extreme working pretty smoothly. Nice!

I have a question, but it might be related to pcap instead of kismac.

When I sniff on a network, I can only see partial one-way traffic. For example, here's an excerpt from a dump of a mock ftp-session I tried from another machine, while my Mac was listening in passively:

s.[.&...d.....default2.......................
10:29:06.542588 0us Beacon (ann) [1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] ESS CH: 8, PRIVACY

...A....d.....ann......$0Hl.........*../..2....`........
10:29:07.767884 0us Beacon (default2) [1.0* 2.0* 5.5 11.0 Mbit] ESS CH: 6

%.n.&...d.....default2.......................
10:29:07.859695 138us IP (tos 0x0, ttl 47, id 51710, offset 0, flags [none], length: 85) hostIPremoved.ftp > 192.168.11.106.32849: P [tcp sum ok] 393914223:393914256(33) ack 1217229273 win 17520 <nop,nop,timestamp 14 107030>
........E..U..../.=..{.f...j...Q.z.oH.q...DpK
.....


        ........331 Password required for (username removed).


[4 of:
%Ap.&...d.....default2.......................
10:29:07.970465 0us Beacon (default2) [1.0* 2.0* 5.5 11.0 Mbit] ESS CH: 6
]
&.v.&...d.....default2.......................
10:29:12.526677 Retry 314us Probe Response (default2) [1.0* 2.0* 5.5 11.0 Mbit] CH: 6

.m..&...d.....default2.................
10:29:16.938682 138us IP (tos 0x0, ttl 47, id 51896, offset 0, flags [none], length: 552) hostipremoved.56030 > 192.168.11.106.32850: . [tcp sum ok] 933474178:933474678(500) ack 1222666890 win 17520 <nop,nop,timestamp 5 0>
........E..(..../.;#.{.f...j...R7...H.j...Dp.......
........drwxrwxr-x 21 miep wheel 1024 Jun 14 2004 mysql-3.22.25
(and about 65535 other files)


In this session, I mistyped my password, gave the correct one and did `ls'. The session is not encrypted on the access point, and plaintext ftp / ftpd are used.

Why don't I see all the packets? Is this because some of them are sent on a different channel on which kismac happens not to be listening? And why is it that I always seem to miss the tcp-packets that are being sent TO the access point?

TIA, sorry if this is a FAQ I haven't found yet.

