WLAN Receiver monitor mode - wifi

This is more of a hardware question.
How does a WLAN receiver manage to demodulate every channel simultaniously.
I could need a brief description about that issue.
In my imagination it is only possible to demodulate a single carrier.
Several WLAN chips have the possibility to monitor the entire on air traffic on every channel with every subcarrier.
I could not find a description of that monitor mode in standard and anywhere else until now.
thanks!

The answer is. It is no broadband sniffing possible. The WLAN Hardware is only capable of sniffing one WLAN channel.

Related

Capturing packets using wireshark of an IoT device

I have an IoT device that connects to my wifi router using wifi. There is a limitation of capturing network logs on the device itself so I thought to capture it using Wireshark.
I am using windows 10 and downloaded the latest version of Wireshark. Now that my laptop and my IoT device connect to the same network through the same router, I am not able to capture the packets in and out from my IoT device.
I put the filer as ip.addr == {ip of the IoT device). But it shows nothing.
Is it possible to capture these packets using a laptop using Wireshark?
Let me know, please.
Thanks
Akhilesh
Is it possible to capture these packets using a laptop using Wireshark?
Yes, but your capture setup is almost certainly incorrect. In a nutshell, you need to be able to capture packets in monitor mode, and you're not doing that. Whether it's possible to do so using the WiFi card on your laptop is unknown, because not all cards support monitor mode on Windows.
Since it's impractical to provide an answer that simply repeats information already provided elsewhere, I'll refer you to the following sites for more detailed information:
The Wireshark WLAN (IEEE 802.11) capture setup wiki page
Jasper Bongertz's blog about Wireless Capture on Windows
See also my answer to this question, which basically provides the same information.

Wireshark wifi traffic not fully listed under monitor mode under OrangePi(Lubuntu)

I‘m trying to monitor traffics under wifi, And I use both a mac and a lubuntu installed Wireshark, and after I enable monitor mode start listening, the amount of lubuntu packs is far less than Mac (10x less)
Does this happen since the CPU or net card things(other hardware things?) or just because of different Wireshark?
Is there any other way to identify this cause? (maybe with some other tool or commands)
added:
maybe related to the channel of wifi, but I config wifi to channel 7 and set the lubuntu monitor channel with
iwconfig wlanxx channel 7
but still, I can't get sniffer traffic under lubuntu but full of them under mac
seems lubuntu only could get the broadcast pack (like arp) and 802.11 Protocol Pack
I'm guessing this due to the bad configuration or implementation of wireless net card
There is probably just more activity on the Mac. I don't know your precise configuration, but if you have a browser open on the Mac and nothing on the lubuntu, then there will be a difference in the amount of network traffic.
There is not really a reason for network traffic to change significantly because of hardware. Configuration can play a role though. If ipv4 and ipv6 are enabled, address resolution packets will be double as if only one is. If Arp cache is set to expire fast, there will also be more Arp traffic.
To identify the cause, look at what wireshark is telling you. What packets are there on both machines ? what packets are unique to the Mac ? Have a look at protocols, destination IPs and port numbers, they are the main clue to tell you what is happening.
It seems due to router's setting( wifi channel and mode(802.11xx))
using channel hopping Tech, For capturing as much as possible packages while hopping through multiple channels
And maybe trying some advanced monitor wireless net card for various mode(802.11xx) and 2.5G/5G supporting

How can I sniff packet with Wireshark

I have already installed Wireshark in my laptop. Is it posssible to sniff the packets that my mobile phone sends through the internet? e.g. I open the browser in my mobile phone and I hit a simple link www.bbc.com , how can I sniff the packets that are transferred. They both to have connected to the same network?Because my mobile phone phone is connected to a network SSID1 and my laptop to SSID2.
Because I lack of experience in using wireshark if it possible suggest a link , so to make a quick progress and be more familiar with this software.
Thanks a lot
If you're asking if you can capture network packets on another network, then no that's impossible. You'd need to be on the same network as the device.
Thinking about it like catching fish in a river. If you cast a net in one river to catch all the fish swimming by you'll be successful. If you cast a net in this same river to catch fish in a river next to this one, you're going to be unsuccessful.
For an overview of the different modes you can use wireshark on the same network, look here.

How to detect whether Bis-B is through carrier or Wi-Fi programatically?

How do we programatically detect whether the BIS data traffic is routed through the carrier network or Wi-Fi. Looking at the BB logo dots, we can see that it will be near Wi-Fi indicator if data is routed through Wi-Fi, and near the carrier signal indicator if the data is routed through the carrier data network.
Is there a way to detect that programatically?
You can use the API to determine if a particular service is capable of carrying BIS-B or BES traffic. Since BIS-B and BES are automatically routed through the least expensive means, if Wi-Fi is capable of carrying it BIS-B will go by Wi-Fi.
The KB article in Mister Smiths's comment specifies BIS-B access is available with a qualifying data plan (AKA a BlackBerry data plan, BlackBerry bolt on, etc
"To connect to the BlackBerry Data Services over Wi-Fi for PIN
messaging and BlackBerry Internet Service connectivity, the BlackBerry
smartphone requires a BlackBerry data plan from the wireless service
provider..."
). Given a qualifying data plan BlackBerry Internet Service (BIS) is available under all conditions specified in the chart. If the Wi-Fi connection supports a connection to the BlackBerry router at the ROC then BIS will travel via that connection unless a better option is available. One such better option is also known as "wireless bypass". When a BlackBerry in connected (by USB or BlueTooth) to a PC with internet access and Desktop Manager installed, the BlackBerry will use the PC internet connection.
The KB article also mentions BES. It is often helpful to think of BIS/BIS-B as a subset of BES capability hosted at a RIM Operations Center. Both BES and BIS/BIS-B make use of the BlackBerry router capabilities. The BlackBerry will automatically seek out the apparent least cost method of connecting with the BlackBerry Router either BES or BIS/BIS-B. In order of preference that is: wireless bypass; Wi-Fi; wireless carrier.
Try disabling Wi-Fi:
Radio.deactivateWAFs(RadioInfo.WAF_WLAN);
Maybe you could also detect if Wi-Fi is active calling RadioInfo.getActiveWAFs, but how would you know if it is your app the one using the connection?
To detect whether BIS is going through Wi-Fi, use
if (CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_BIS_B)) {
if (CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_BIS_B, RadioInfo.WAF_WLAN, false))
{
//BIS-B going through wifi
}
else
{
//BIS-B going through carrier
}
}

Sniff local network iOS game host

I am having a little issue right here.
I want to sniff an iOS game that makes an ad-hoc connection to another iOS device using the local network to get multiplayer, but I am unable to sniff these packets, I've tried with Wireshark but no luck (I think I am doing it wrong).
What can I do to intercept the connection between these two devices?
If it's on a WPA network, I think you need to do the sniffing on the AP. Alternatively, put all three devices on an ad-hoc WEP network.
There's also peer-to-peer bluetooth. I'd avoid that by turning it off, instead of trying to sniff a bluetooth key exchange.

Resources