lordvur.blogg.se - Enable promiscuous mode wireshark mac

Depending on the OS, this is either presented as a different API or as a true 802.11 network interface.

What you actually need is an interface that can fetch true 802.11 frames. And remember that receiving frames for other stations is unreliable, because the AP will retransmit these frames until the other station received it correctly, not until you receive it correctly. And 802.11 has support for AP that both allow encryption and clear text, so you cannot even enable that feature when connected to a open access point.

More importantly: Even if promiscuous mode on that interface is meant to enable receiving frames for other stations, these frames can not be presented as Ethernet frames: A 802.11 frame has 3 or 4 addresses, can have their payload encrypted and has many other fields that Ethernet does not have. On an switched Ethernet network, turning on promiscuous mode will not allow you to receive Ethernet frames that are not for you (it will merely enable you to see multicast frames that you are not interested in), so the 802.11-as-ethernet interface should do just the same thing. This means that this "promiscuous" flag is only enabled on an Ethernet-like network interface.

You can already guess what you would see when capturing in promiscuous mode on a 802.11 managed interface: you get Ethernet frames that bear little resemblance with the actual 802.11 frames that got transmitted/received. The implication is that, on most OS, a 802.11 station is presented as an Ethernet interface, which carries Ethernet frames.

The 802.11 standard is made to be compatible with 802.3 networks.

The only exception being broadcast/multicast frames, which, guess what, are unreliable. This means that a station can only reliably receive frames that are for him. This has many implications on how the protocol (including security) works. All stations only have a channel to the switch, and nothing else. This means the AP essentially acts as a wireless switch. The AP will then retransmit (or not) the packet to the destination station, changing only the transceiver and receiver address. This is implemented as follows: if a station wants to communicate with another station, it must send a packet to the AP with the transceiver and source address set to its MAC address, the receiver address set to the AP's MAC address (known as the BSSID) and the destination address set to the intended station's MAC.

The 802.11 ESS operation assumes that, in a BSS, all non-AP stations must send all their packets to the AP, regardless of the destination address.

In Infrastructure/ESS mode, it doesn't make much sense to capture packets going to other stations in promiscuous mode, for several reasons :