Skip to content

/ netsniff-ng

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

netsniff-ng filter in rfraw doesn't work #101

Open
borkmann opened this issue Feb 12, 2014 · 2 comments
Open

netsniff-ng filter in rfraw doesn't work #101

borkmann opened this issue Feb 12, 2014 · 2 comments
Labels
bug

Comments

@borkmann
Copy link
Contributor

@borkmann borkmann commented Feb 12, 2014

http://thread.gmane.org/gmane.linux.network.netsniff-ng/482
@borkmann borkmann added the BUG label Feb 12, 2014
@vkochan
Copy link
Contributor

@vkochan vkochan commented Jun 29, 2015

Add plain email text as sometimes the link loads too long:

------------------------------------------------------------------------------------------
From: Olivier Marce 
Subject: netsniff-ng vs tshark
Newsgroups: gmane.linux.network.netsniff-ng
Date: 2014-02-11 16:33:14 GMT (1 year, 19 weeks, 4 days, 11 hours and 6 minutes ago)
Hi guys
thanks a lot for this splendid toolkit.
I got a strange (for me) behavior that I would like to share with you.
Platform Ubuntu 12.10
I have a WiFi interface named wlan5 and IP   192.168.1.5 that I ping from 
another machine. MAC   of this interface is 60:67:20:b0:b5:48
I setup a monitor virtual interface mon5 (iw dev wlan5 interface mon5 
mode monitor)
Then, I do not have the same results with netsniff-ng (0.5.8-rc5)  and 
tshark 1.8.2 :
# netsniff-ng --in wlan5 -f "ether dst 60:67:20:b0:b5:48"
Running! Hang up with ^C!
< wlan5 98 1392136256s.25182523ns
  [ Eth MAC (b8:a3:86:96:a5:0d => 60:67:20:b0:b5:48), Proto (0x0800, IPv
  [snip]
but :
# netsniff-ng --in mon5 -f "ether dst 60:67:20:b0:b5:48"
Running! Hang up with ^C!
(... nothing...)
while :
# tshark -i mon5 -f "ether dst 60:67:20:b0:b5:48"
Capturing on mon5
   0.000000  192.168.1.1 -> 192.168.1.5  ICMP 134 Echo (ping) request 
id=0x0b7c, seq=838/17923, ttl=64
Is there a reason why netsniff-ng does not capture packet on monitor 
virtual interface ?
Best regards
-- 
Olivier Marcé
Alcatel-Lucent Bell Labs France
-- 
You received this message because you are subscribed to the Google Groups "netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscribe@...
For more options, visit https://groups.google.com/groups/opt_out.
---------------------------------------------------------------------------------------------
@vkochan
Copy link
Contributor

@vkochan vkochan commented Jun 29, 2015

I am not sure how it is possible to capture Ethernet frames on mac80211 monitor device (did you use
some special driver/device/settings ?), there was issue that netsniff-ng did not check for radiotap link type of specified monitor device but after commit:

47a7037 netsniff-ng: Consider radiotap header of monitor dev

netsniff-ng considers radiotap link type and dumps mac80211 frames correctly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@borkmann @vkochan
You can’t perform that action at this time.