Creating a wireless packet capture rig.

Jdonalds

Jan 9, 2014
I just bought all the parts for a new rig. This rig I'm going to connect directly to my modem and use as a router. I have two gigabit network cards on it, and they support promiscuous mode.

I plan on using an old AirPort Extreme as an AP. Will I be able to capture all packets and know which device transmitted them from my gigabit card connected to the AP? Would I be able to monitor the card connected to the modem and tell from there?
 
Solution
At first I thought you wanted to capture the actual wireless traffic, which tends to be quite a challenge.

By the time the traffic gets to your "router" it appears to have come from a switch. There will be no indication it came over wireless other than it will still maintain the MAC address of the wireless NIC card from the user machines that sent it.

You should be able to easily capture the data. You can likely capture it on either interface, but on the one that goes to the modem you have to be sure you capture the data before it is NATed or you will not be able to tell the machines that sent the traffic.

You can only capture traffic that is going from the users connected to the AP that are sending their traffic to the MAC address of your router. Even though you can put it in promiscuous mode, you will not see any traffic going between the wireless devices on the AP or between the wireless devices and wired devices (if they exist) that are directly connected to the AP. This is because the AP behaves like a switch, and only traffic destined for your MAC address as well as some amount of broadcast traffic will ever be sent down the port going to your router.
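
An added illustration of the answer above (not part of the original thread): a capture taken on the LAN-side interface, before NAT, can be attributed per device by source MAC and private source IP. The parser below reads a classic pcap file; the MAC addresses, IP addresses and the sample capture are constructed for the example.

```python
import struct
from collections import defaultdict

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def per_device_bytes(pcap, router_mac):
    """Sum on-wire bytes per (source MAC, source IPv4) for frames sent to router_mac."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    totals, off = defaultdict(int), 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, wire = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34:            # too short for Ethernet + IPv4 header
            continue
        dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
        if frame[12:14] != b"\x08\x00" or dst != router_mac:
            continue                   # skip non-IPv4 and broadcast/other frames
        src_ip = ".".join(str(x) for x in frame[26:30])
        totals[(src, src_ip)] += wire
    return dict(totals)

# Constructed sample: hypothetical locally administered MACs and private IPs.
ROUTER = "02:00:00:00:00:01"
LAPTOP = "02:00:00:00:00:0a"
PHONE = "02:00:00:00:00:0b"

def build_sample():
    def rec(dst, src, src_ip, size):
        ip = (b"\x45\x00" + struct.pack("!H", size - 14) + bytes(8)
              + bytes(src_ip) + bytes([203, 0, 113, 5]))
        f = (bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + ip).ljust(size, b"\0")
        return struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (hdr + rec(ROUTER, LAPTOP, [192, 168, 1, 20], 100)
                + rec(ROUTER, PHONE, [192, 168, 1, 21], 60)
                + rec(ROUTER, LAPTOP, [192, 168, 1, 20], 200)
                + rec("ff:ff:ff:ff:ff:ff", PHONE, [192, 168, 1, 21], 60))

if __name__ == "__main__":
    for (mac, ip), n in per_device_bytes(build_sample(), ROUTER).items():
        print(mac, ip, n)
```

Run against a capture from the modem-side interface after NAT, every row would show the router's own MAC and public address, which is why the capture point matters.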
 