hostapd n00b wants to capture all traffic sent / received by BSS - use hostapd?
Jouni Malinen
j
Mon Oct 12 14:12:57 PDT 2015
On Mon, Oct 12, 2015 at 05:37:50PM +0000, Kennedy, Smith (Wireless Architect) wrote:
> After considering this and reading a bit, a second interface won't meet my objectives. What I'm really after is a tee to be inserted between hostapd and the 802.11 adapter so that I can capture all 802.11 frames (data, management, everything) passed into the AP (in this case, hostapd), as well as all traffic sent by hostapd to the radio adapter.
>
> I don't know how if hostapd has a built-in option or feature to dump this to a file or pipe, but I've not found one in the hostapd.conf documentation or the man pages yet. Or maybe the mechanism hostapd uses to interface with the NIC(s) it is controlling provides a "tee" mechanism?
Please keep in mind that hostapd does not touch almost any of the Data
frames going through the AP. The only Data frames it uses are related to
authentication and key setup (EAPOL frames, RSN pre-authentication) and
if ProxyARP is enabled, some of ARP/NS/NA frames. If you want to get a
pretty complete set of frames going through the AP, I would use a
virtual monitor socket assuming this is with a mac80211-based driver. In
any case, hostapd is not the place to look for Data frames in general
(they won't hit user space at all for forwarding cases; never mind
hitting hostapd).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list