[CUWiN-Dev] Monitor mode with Atheros
Jeongkeun Lee
jklee at mmlab.snu.ac.kr
Wed Feb 7 04:10:08 CST 2007
Dave,
My concern in using tcpdump to sniff packets is the timestamp precision.
According to the following mailing list archive,
http://www.tcpdump.org/lists/workers/2003/08/msg00411.html
tcpdump time stamp imprecision includes time spent passing the packet
through the networking code and the driver code, as well as, possibly,
through the networking card.
But what I want is the hardware RX timestamp whose precision is in
microsecond level. Reportedly (by some papers and madwifi mailing), Atheros
card provides such precise timestamp of received packets for device driver.
It seems that calling ath_extend_tsf(ah, ds->ds_rxstat.rs_tstamp) returns
the extended 64-bit timestamp from rx descriptor.
As I doubt that tcmdump timestamp is identical with the hardware RX
timestamp, could you shed light on this? :)
I looked at ieee80211_radiotap header and relevant codes but still in dark.
Thank you.
-- Jeongkeun
> -----Original Message-----
> From: cu-wireless-dev-bounces at lists.cuwireless.net [mailto:cu-wireless-
> dev-bounces at lists.cuwireless.net] On Behalf Of David Young
> Sent: Wednesday, February 07, 2007 2:36 PM
> To: cu-wireless-dev at lists.cuwireless.net
> Subject: Re: [CUWiN-Dev] Monitor mode with Atheros
>
> On Wed, Feb 07, 2007 at 02:21:56PM +0900, Jeongkeun Lee wrote:
> > Hi Dave,
> >
> > I'd like to have a mesh node to operate as a packet sniffer. The sniffer
> > will be placed right next to a sender and sniff out every packet
> transmitted
> > by the sender. We have written codes which read 64-bit hardware
> timestamp of
> > received packets in ath device driver, which is reported to the
> application
> > program (sniffer daemon).
> >
> > The sniffer does not have to transmit packets. But it has to hear every
> > packet (from the sender) regardless of the destination address in the
> > packet. Thus, the sniffer needs to operate in monitor mode, as I
guessed.
> > But it seems the device driver needs to be modified to support monitor
> mode.
> > Or there is another way to make a sniffer without using monitor mode?
>
> Promiscuous mode should be sufficient. tcpdump puts an interface in
> promiscuous mode by default. In adhoc mode, have you tried 'tcpdump
> -ne -y ieee802_11_radio -i ath0 -s 256 -w /tmp/capture-file.cap'?
> That works for me.
>
> Dave
>
> > Thanks,
> > -- Jeongkeun
> >
> > > You cannot transmit packets in monitor mode. It is a receive-only
> mode.
> > > What are you trying to achieve? I can probably suggest a different
> way.
> > >
> > > Dave
> > >
> > > --
> > > David Young OJC Technologies
> > > dyoung at ojctech.com Urbana, IL * (217) 278-3933
> > > _______________________________________________
> > > CU-Wireless-Dev mailing list
> > > CU-Wireless-Dev at lists.cuwireless.net
> > > http://lists.chambana.net/cgi-bin/listinfo/cu-wireless-dev
>
> --
> David Young OJC Technologies
> dyoung at ojctech.com Urbana, IL * (217) 278-3933
> _______________________________________________
> CU-Wireless-Dev mailing list
> CU-Wireless-Dev at lists.cuwireless.net
> http://lists.chambana.net/cgi-bin/listinfo/cu-wireless-dev
More information about the CU-Wireless-Dev
mailing list