tcpdump mailing list archives
Re: does tcpdump catch all packets in the air?
From: Guy Harris <guy () alum mit edu>
Date: Mon, 21 May 2007 13:38:11 -0700
Łukasz Strzałkowski wrote:
Tcpdump collects much less packets then kismet and all of them are from my laptop and my Access Point. Please someone explain me why it is so if tcpdump reads the same wireless interface in this router as kismet drone?
Probably because tcpdump isn't putting the interface into monitor mode and the Kismet drone is probably putting the interface it's using into monitor mode. If you're not in monitor mode, the adapter will only see packets for the wireless network with which you're associated.
There's currently no API in libpcap to turn on monitor mode, and no way in tcpdump to turn on monitor mode. You might be able to do so from the command line; see
http://wiki.wireshark.org/CaptureSetup/WLAN
for some information on this.
*However*, note that many adapters will disassociate from your wireless
network if put into monitor mode. This might not be what you want.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- does tcpdump catch all packets in the air? Łukasz Strzałkowski (May 21)
- Re: does tcpdump catch all packets in the air? Guy Harris (May 21)
- Re: does tcpdump catch all packets in the air? Łukasz Strzałkowski (May 26)
- Re: does tcpdump catch all packets in the air? Guy Harris (May 21)