Kismet Wireless

Kismet Forums


Posted by: drbeagle
Subject: Control frames over tun/tap?
Date: 01:05:49 06/04/2011

> > Is it possible to export control frames (e.g., ACK, CTS, and RTS) over the tun/tap virtual interface?
> It works for me - I'm seeing CF frames on tuntap...

Let me clarify. I see some CF frames from surrounding APs:

[20:58:11 myhost 0 bin]$ sudo tcpdump -eni kistap0
20:58:11.536493 CF +QoS BSSID:00:26:cb:17:42:e0 SA:00:26:c6:72:3d:c4 DA:00:1f:6d:e7:a0:00 Data IV:3f77 Pad 20 KeyID 0
20:58:11.545874 CF +QoS BSSID:00:26:cb:17:42:e0 SA:00:22:fa:7f:ec:12 DA:00:26:cb:17:42:e0
20:58:11.545986 RA:00:26:cb:17:42:e0 TA:00:22:fa:7f:ec:12 Request-To-Send
20:58:11.546265 RA:00:26:cb:17:42:e0 BSSID:00:22:fa:7f:ec:12 CF-End

But I don't see CTS, RTS, or ACKs for the ad-hoc network I'm monitoring (PPI headers are also not visible) when connecting to kistap0. These ad-hoc CF frames and the PPI headers are visible if I open the Kismet pcap dump file with Wireshark.

> Can you post a snippet of a pcap file somewhere which exemplifies it on your system and I'll check?

I'm not sure how to post a snippet since it's a binary file. I need to narrow it down to only the relevant packets (most of the packets are background chatter that just clutters up the files).

> Does replaying the pcap through kismet still not show them?

How do I do this replay? Using `sudo kismet_server -M <SOMELARGENUMBER> -n -c Kismet_date_time_.pcap` spits out the following error:

INFO: Kismet starting to gather packets
INFO: Started source 'Kismet-20110405-16-03-45-1.pcapdump'
INFO: Detected new ad-hoc network "SETUP", BSSID 7A:7D:CB:EB:A7:A1,
encryption no, channel 11, 11.00 mbit
INFO: Detected new ad-hoc network "WHISPER", BSSID 02:23:76:E1:DA:5F,
encryption no, channel 11, 60.00 mbit
<trim 7 more similar "INFO: Detected new network" messages>
INFO: Detected new probe network "apt340", BSSID 00:23:76:51:83:27,
encryption no, channel 0, 54.00 mbit
ERROR: Pcap file reached end of capture
