Re: WiFi sniffing need to be connected?

[Edwin Rene <edwin.rene () gmail com>]

Enis Sahin wrote:
> I have tried putting my wireless cards into monitor mode in backtrack
> and tried to sniff my own wireless connection by tuning into its
> channel. However all I captured was unintelligible packets (which I'm
> guessing management packets) and couldn't see any TCP packets. Could
> it be a problem with my wireless adaptor drivers and I couldn't
> properly put it into monitor mode?

You've got it right. Because when you're in monitor mode it gets all the
wireless frame, ethernet compatible or not, but does not decode it , as
well as control frames, where as in managed mode your interface and
drivers decodes wireless frame into Ethernet format. Which I guess is
what you mean by "intelligible packets"

> On second thought how would I differentiate between two tcp packets
> originating from the same IP addess on different APs boradcasting on
> the same channel...? Probably that's the problem.

I thought this would be obvious because the ESSID and BSSID would be
different.

> I am a little confused about this wireless sniffing thing. Can anybody
> help me to clarify :)?
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature