hostapd n00b wants to capture all traffic sent / received by BSS - use hostapd?

Kennedy, Smith Wireless Architect smith.kennedy
Mon Oct 12 10:37:50 PDT 2015


Hi again,

After considering this and reading a bit, a second interface won't meet my objectives.  What I'm really after is a tee to be inserted between hostapd and the 802.11 adapter so that I can capture all 802.11 frames (data, management, everything) passed into the AP (in this case, hostapd), as well as all traffic sent by hostapd to the radio adapter.

I don't know if hostapd has a built-in option or feature to dump this to a file or pipe, but I've not found one in the hostapd.conf documentation or the man pages yet.  Or maybe the mechanism hostapd uses to interface with the NIC(s) it is controlling provides a "tee" mechanism?

I'll keep digging...

Smith



> On 2015-10-09, at 10:38 PM, Kennedy, Smith (Wireless Architect) <smith.kennedy at hp.com> wrote:
> 
> Thanks for the suggestion - I'll look into it!  But I'm not sure that a second virtual interface will actually report this.  And I have to assume that only certain adapters support multiple virtual interfaces operating on a single physical radio.
> 
> Smith
> 
> 
> 
>> On 2015-10-09, at 1:32 PM, hiro <23hiro at gmail.com> wrote:
>> 
>> Is there anything preventing you from using tcpdump or airodump on a
>> second virtual interface in monitor mode? Look into the airodump-ng
>> project's man pages perhaps, because they have nice tools to create such
>> interfaces in monitor mode.
>> 
>> On 10/9/15, Kennedy, Smith (Wireless Architect) <smith.kennedy at hp.com> wrote:
>>> Hello,
>>> 
>>> I am seeking a way to have an AP that can trace all 802.11 traffic sent &
>>> received by its adapters.  Having an adjacent system running in monitor mode
>>> isn't good enough - I want to track the traffic actually sent / received by
>>> the AP as reported by the AP's radio adapters themselves.  And I was
>>> wondering if such a thing could be done using hostapd (to provide the AP
>>> function if not the monitoring function) perhaps running BSD or Linux.  I
>>> don't know whether hostapd could be providing the 802.11 traffic or if
>>> rather I would need to be getting that using something like Wireshark etc.?
>>> Reading the Wireshark wiki for capturing Wi-Fi traffic, it seems that
>>> non-monitor mode won't deliver the 802.11 headers on Linux, but some of the
>>> BSDs provide 802.11 headers and all the management frames etc.  Or maybe
>>> this will require getting traces directly from the drivers...?
>>> 
>>> Any help or other thoughts / pointers would be very welcome.
>>> 
>>> Cheers,
>>> Smith
>>> 
>>> 
>>> 
>>> 
> 
