WiFi Sniffing, what sees what, and why do I only see broadcasts in Promiscuous mode

[irongeek at irongeek.com (Adrian Crenshaw)]

I've asked this question on many forums, but with no satisfying answer. I
seem to remember back in the day being able to sniff with a 802.11b card in
Promiscuous on an open network and being able to see everything (except
management frames of course). On an 802.11g network with an 11g card I would
only see some of the traffic not destined for me. On 802.11n I only see my
traffic and broadcast (unless of course I ARP poison). Why is this? Is it
because g and n talk on more channels that the sniffing card may not see at
the time?

What does a 802.11b sniffer on a 802.11g network see, and vice versa using
both Promiscuous mode and Monitor mode? For those that don't understand the
difference between the two modes read:

Promiscuous mode http://en.wikipedia.org/wiki/Promiscuous_mode
Monitor mode http://en.wikipedia.org/wiki/Monitor_mode

Seems a lot of folks get them confused. To further complicate the matter,
some cards seem not to support these modes (for example, ipw2200 supports
Monitor with the newest drivers in Linux but does not seem to support
Promiscuous in Windows or Linux for what I have tried so far, at least in
the distribution I'm using). Here are my questions, but in a more concise
manner:

1. What does a 802.11b sniffer on a 802.11g network see when in Monitor
mode?
2. What does a 802.11b sniffer on a 802.11g network see when in Promiscuous
mode?
3. What does a 802.11g sniffer on a 802.11b network see when in Monitor
mode?
4. What does a 802.11g sniffer on a 802.11b network see when in Promiscuous
mode?

Repeat all of the above questions for 802.11n as well.

I plan to do some systematic tests soon and post results, but my hardware is
limited and as I stated before, lack of support with some chipsets does
complicate maters. As best as I can tell so far these may be the answers:

1. Just 802.11 management traffic (beacons and such) and broadcast traffic.
2. Just broadcast traffic.
3. Everything.
4. Everything but 802.11 management traffic (beacons and such).


Thanks for any help

Adrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081111/636dc2b3/attachment.htm