sfx2000
Part of the Furniture
Figured I would toss this out to the collective...
One of the options in Wireshark is to capture WiFi packets via monitor mode - I've had pretty good luck in the past on Linux and the BSD's (along with Mac OSX) with various Broadcom and Intel Cards, but the current generation of cards can't seem to get decent captures of 11ac specific packets...
It's probably a driver issue, but since my options at this point are all BCM4360, Intel 3160, and Realtek RTL8812AU (Asus USB-AC56), none of which fully support monitor mode completely (BCM4360 does ok, but a lot of corrupt packets, Realtek hasn't updated their Linux drivers since Kernel 3.10, and the 3160 doesn't seem to support monitor mode with any driver)...
So for example (see below) - I can capture the AP asking for VHT feedback from the clients, but the responses from a non-capture STA are corrupt, and it is not a parser issue with Wireshark, I've handparsed the TLV's, and it's the PCAP from the driver...)
IEEE 802.11 VHT NDP Announcement, Flags: ........C
Type/Subtype: VHT NDP Announcement (0x0015)
Frame Control Field: 0x5400
.... ..00 = Version: 0
.... 01.. = Type: Control frame (1)
0101 .... = Subtype: 5
Flags: 0x00
.... ..00 = DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = Protected flag: Data is not protected
0... .... = Order flag: Not strictly ordered
.000 0000 0110 0100 = Duration: 100 microseconds
Receiver address: VENDOR_a7:b9:a4 (WW:XX:YY:a7:b9:a4)
Transmitter address: VENDOR_1e:57:3f (WW:XX:YY:1e:57:3f)
Sounding Dialog Token: 0xa4
1010 01.. = Sounding Dialog Token Number: 41
.... ..00 = Reserved: 0x00
STA Info: 0x0000
.... 0000 0000 0000 = AID12: 0x0000
...0 .... .... .... = Feedback Type: SU feedback requested
000. .... .... .... = Reserved: 0x0000
STA Info: 0x3d48
.... 1101 0100 1000 = AID12: 0x0d48
...1 .... .... .... = Feedback Type: MU feedback requested
010. .... .... .... = Nc Index: 3 (2)
STA Info: 0x5020
.... 0000 0010 0000 = AID12: 0x0020
...1 .... .... .... = Feedback Type: MU feedback requested
001. .... .... .... = Nc Index: 2 (1)
Frame check sequence: 0x2050483d [correct]
[Good: True]
[Bad: False]
One of the options in Wireshark is to capture WiFi packets via monitor mode - I've had pretty good luck in the past on Linux and the BSD's (along with Mac OSX) with various Broadcom and Intel Cards, but the current generation of cards can't seem to get decent captures of 11ac specific packets...
It's probably a driver issue, but since my options at this point are all BCM4360, Intel 3160, and Realtek RTL8812AU (Asus USB-AC56), none of which fully support monitor mode completely (BCM4360 does ok, but a lot of corrupt packets, Realtek hasn't updated their Linux drivers since Kernel 3.10, and the 3160 doesn't seem to support monitor mode with any driver)...
So for example (see below) - I can capture the AP asking for VHT feedback from the clients, but the responses from a non-capture STA are corrupt, and it is not a parser issue with Wireshark, I've handparsed the TLV's, and it's the PCAP from the driver...)
IEEE 802.11 VHT NDP Announcement, Flags: ........C
Type/Subtype: VHT NDP Announcement (0x0015)
Frame Control Field: 0x5400
.... ..00 = Version: 0
.... 01.. = Type: Control frame (1)
0101 .... = Subtype: 5
Flags: 0x00
.... ..00 = DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = Protected flag: Data is not protected
0... .... = Order flag: Not strictly ordered
.000 0000 0110 0100 = Duration: 100 microseconds
Receiver address: VENDOR_a7:b9:a4 (WW:XX:YY:a7:b9:a4)
Transmitter address: VENDOR_1e:57:3f (WW:XX:YY:1e:57:3f)
Sounding Dialog Token: 0xa4
1010 01.. = Sounding Dialog Token Number: 41
.... ..00 = Reserved: 0x00
STA Info: 0x0000
.... 0000 0000 0000 = AID12: 0x0000
...0 .... .... .... = Feedback Type: SU feedback requested
000. .... .... .... = Reserved: 0x0000
STA Info: 0x3d48
.... 1101 0100 1000 = AID12: 0x0d48
...1 .... .... .... = Feedback Type: MU feedback requested
010. .... .... .... = Nc Index: 3 (2)
STA Info: 0x5020
.... 0000 0010 0000 = AID12: 0x0020
...1 .... .... .... = Feedback Type: MU feedback requested
001. .... .... .... = Nc Index: 2 (1)
Frame check sequence: 0x2050483d [correct]
[Good: True]
[Bad: False]
