Kismet Wireless

Kismet Forums

 

Posted by: dragorn
Subject: Kismet not capturing all traffic on Senao PrismII (and i'm not hopping)
Date: 17:54:13 01/03/2007

Fire up kismet, then run in another terminal:

tcpdump -s 0 -i yourif -w foo.dump

then look at it in ethereal.

If you've got packets in foo.dump that kismet didn't see, gzip it up and mail it to me or post the link (and tell me what frames you think are the problem if you can).

Otherwise, you're hitting some limit of your driver. Maybe you're missing 11g encoded data since it's an 11b card? The prism cards aren't the fastest in the world when it comes to packet tossing, either; if it's an option, something like a cardbus prism54 or atheros might do you better.

-m

> Hey people,
>
> I don't know if this is really the right place to post this as I'm not sure this has anything to do with kismet at all but I saw a post here by Dragorn that gave me a little bit more hope. First my problem:
>
> Kismet (but also ethereal) is not capturing all my traffic in Monitor mode nor in Promiscuous mode. I've edited /etc/kismet.conf to disable channel hopping and had my source start at channel 9, which in the kismet gui itself all looks good -> it now only looks at my wireless network. Good. Then I fired up my laptop, which is connected to the same access point, same wireless net. I performed 3 pings, 2 times to the AP itself, 1 to google, and I opened 2 websites and browsed them. I've done this same routine on my wired net and there I see all traffic, but in my wireless setup I only see "some" echo replies or pings and only parts of the http traffic.
>
> I've turned off channel hopping in kismet. Turned off Roaming (Mandriva 2007 wizard is set to Monitor now too, you never know with these wizard things). Started Monitor mode again with airmon-ng start wlan0 9 and started capturing.
>
> The firmware for my Senao card (PrismII 2.5) is:
> Socket 0 Device 0: [hostap_cs] (bus ID: 0.0)
> Configuration: state: on
> Product Name: INTERSIL HFA384x/IEEE Version 01.02
> Identification: manf_id: 0x0156 card_id: 0x0002
> function: 6 (network)
> prod_id(1): "INTERSIL" (0x74c5e40d)
> prod_id(2): "HFA384x/IEEE" (0xdb472a18)
> prod_id(3): "Version 01.02" (0x4b74baa0)
> prod_id(4): --- (---)
>
> Host AP driver diagnostics information for 'wlan0'
>
> NICID: id=0x800c v1.0.0 (PRISM II (2.5) PCMCIA (SST parallel flash))
> PRIID: id=0x0015 v1.1.1
> STAID: id=0x001f v1.7.4 (station firmware)
>
> Now why am I posting this here then?
> I saw this (part of) post by dragorn:
>
> 1 Not missing the packets you think you are
> 2 Channel hopping in firmware, kismet at the moment on the wrt expects it to be in ap+rfmon, and sets it so itself.
> 3 Getting collisions and other noise on the channel
> 4 Hitting limitations and bugs in the broadcom driver
> 5 Filtering frames. Look at your kismet.conf. By default, a lot of junk is filtered out.
> 6 Getting frames so corrupted they're rejected by the kismet 802.11 validator as garbage.
>
> 1 -> I am sure I am missing packets
> 2 -> I guess it must be something like this cus also in another distribution I have the same trouble, but how can I check this and fix this?
> 3 -> Dunno for sure but I am on channel 9 and my neighbour is on channel 5 so I respect that 3 channel separation margin, right?
> 4 -> not broadcom but well known prismII chipset so...
> 5 -> by default it doesn't look like it's filtering anything? It looks like it's all commented out in kismet.conf
> 6 -> Dunno so again: how can I check this?
>
> My best bet is option number 2, it looks and smells like that so it's probably it. But what should I do to fix this?


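One way to do the comparison dragorn asks for, as an added example that is not part of the original thread: tally the 802.11 frames in the tcpdump capture by type/subtype, do the same for a second capture, and report what the second one lacks. Treating the second file as Kismet's own pcap dump, the function names, and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

DLT_80211, DLT_PRISM, DLT_RADIOTAP = 105, 119, 127  # pcap link types
TYPES = {0: "mgmt", 1: "ctrl", 2: "data", 3: "reserved"}

def tally_frames(pcap: bytes) -> Counter:
    """Count 802.11 frames per type/subtype in a classic pcap file."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == DLT_PRISM:
            skip = 144  # fixed-size Prism monitor header before the frame
        elif linktype == DLT_RADIOTAP:
            # radiotap header length: little-endian u16 at offset 2
            skip = struct.unpack("<H", pkt[2:4])[0] if len(pkt) >= 4 else len(pkt)
        elif linktype == DLT_80211:
            skip = 0
        else:
            raise ValueError(f"unsupported link type {linktype}")
        if len(pkt) <= skip:
            counts["truncated"] += 1
            continue
        fc0 = pkt[skip]  # first frame-control byte: version, type, subtype
        counts[f"{TYPES[(fc0 >> 2) & 3]}/{fc0 >> 4}"] += 1
    return counts

def missing_from(reference: Counter, other: Counter) -> dict:
    """Frame kinds seen more often in `reference` than in `other`."""
    return {k: n - other[k] for k, n in reference.items() if n > other[k]}

def build_pcap(frames, linktype=DLT_80211, pad=b""):  # constructed sample input
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(pad + f), len(pad + f)) + pad + f
    return out

BEACON, DATA, ACK = b"\x80\x00" + bytes(22), b"\x08\x01" + bytes(22), b"\xd4\x00" + bytes(8)
SAMPLE_TCPDUMP = build_pcap([BEACON, DATA, DATA, ACK])  # stands in for foo.dump
SAMPLE_KISMET = build_pcap([BEACON, DATA])              # stands in for Kismet's dump
```

On real files, pass the bytes read from foo.dump and from the second capture; a non-empty result from `missing_from` names the frame kinds worth pointing out when reporting the problem.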