0
I am wondering if it is possible to extract 802.11 frames on a router running OpenWrt operating as an access point. I tried using tcpdump and loading the dumped packets in Wireshark, but I could only see up to the 'Ethernet II' header.
Thanks
user1981811
Posted 2013-01-15T22:27:21.223
Reputation: 1
0
It is not possible.
You need to turn the AP into monitor mode to make that happen.
Monitor mode means the wifi driver turns off the filter in the hardware, in the AP mode, it is still filtering.
thb998
Posted 2013-01-15T22:27:21.223
Reputation: 26
0
Why not just use Wireshark? And from my experience you need to be in monitor mode. You will know it's working when you see probes, beacons and the like. Try a /ifconfig wlan0 down or whatever your wireless interface is ifconfig wlan0 mode monitor and then bring it back up. Hopefully you don't need to patch your drivers for this to work.
Bryan
Posted 2013-01-15T22:27:21.223
Reputation: 710
The tool is not the concern here -- the problem is actually getting the 802.11 header itself. There is some information in the header I wish to inspect from the 802.11 header on the router that is acting as an access point. (In particular, a couple of combinations of frame control bits). If I match these bits, I wish to forward or save the packet.
In monitor mode, I can see the 802.11 header of a packet heading for another AP, but I want the router to play a dual role -- It is both an AP and forwarding certain packets heading towards it. – user1981811 – 2013-01-16T14:52:48.413
I don't want to just dump links here, but check this out http://wiki.wireshark.org/CaptureSetup/WLAN#Link-Layer_.28Radio.29_packet_headers There may be information here for you to help with your problem.
– Bryan – 2013-01-16T14:58:33.683