How to capture WiFi-Direct probe request in wireshark? - wireshark

I am trying to send the wifi direct probe packets using raw sockets so that mobile devices will show them in wifi direct device list.
I am trying to capture packets first in Wireshark in monitor mode in order to understand the packet structure and compare with the P2P probe request packet mentioned in Wifi Direct specification.
But I am not able to capture the correct probe packet in Wireshark. Can anyone suggest me what I am missing in my approach?

I wasn't able to capture packets with filter WLAN.addr= XX:XX:XX:XX:XX:XX. (Actual wifi Mac address), as WiFi Direct Mac address is different and the first byte was different.For example If your wifi mac is 00:04:CB:CX:DE:E7 then WiFi-Direct address is 02:04:CB:CX:DE:E7.
Also, I am able to show the device listed when I sent probe response packet to the device.

Related

(Real) Monitor Mode in ESP8266

I know I can send 802.11 custom packets with wifi_send_pkt_freedom, and I'am using it without any problem.
But what about receiving?. Yes, I can enable promiscuos mode, and filter by MAC address. Doing that is perfect for sniffing, but not for communication, because the ESP8266 won't ACK the packets and if I'am not sniffing and my ESP is the only receiver, it will make the transmitter to repeat many times the packet. Yes, I can send it like broadcast or multicast to avoid waiting for the ACK, but I'll missing the ACK/re-send functionality. In short I would like to put the ESP Wifi interface in monitor mode (which is not promiscuos mode)
And yes, I can use ESPNOW, but for my application it wont suit very well my needs.
Thanks!
Román

Why is 802.11 to 802.3 conversion impossible in monitoring mode?

When I use Wireshark to capture traffics with my wlan card with monitor mode already set, it only displays 802.11 frames. However, if I use Wireshark with managed mode wlan(promiscuous mode), it certainly displays 802.3 frames.
I searched for some related information and found out that 'network bridging' allows devices to convert 802.11 wireless packets to 802.3 packets. In case of packet capturing, pcap allows conversion.
(link: How to real time convert wireless packet(802.11) to Ethernet packet(802.3) in windows?)
So, Why is 802.11 to 802.3 frame conversion impossible when using monitor mode(not associated to the wireless network)?
Below are pictures of the situation. Thank you in advance.
Promiscuous mode packet capture
Monitor mode packet capture
For one thing, not all 802.11 packets have Ethernet equivalents; only data packets do. In monitor mode, in addition to data packets, control and management packets can be captured - you're seeing those types of packets in your monitor-mode capture.
For another thing, when capturing in monitor mode on a "protected" network (WEP, WPA), data packets are encrypted (to protect them from being sniffed), and can't be converted to Ethernet packets until they're decrypted. Under some circumstances, Wireshark can decrypt them, but Wireshark doesn't do any conversion from 802.11 to 802.3 in any circumstances - when not capturing in monitor mode, the 802.11 adapter converts data packets to 802.3 packets after decrypting them, and doesn't show non-data packets to the host.

Multicast data cannot be received by programs

Connection Schema
As given above, we connected two computers with one ethernet cable. Then using different programs we tried to sent data using as unicast,broadcast and multicast. However, we could not achieve to sent data as multicast. I mean, we can capture the data using wireshark, however both vlc,ffplay could not achieve to receive data.
We disabled firewalls of computers.
We achieved to send unicast and broadcast.
Wireshark can capture multicast data and there are not any checksum issues.
We use 239.5.5.5 as multicast address.
We checked ttl of packets.
We used different computers, but we get same result.
We forgot to turn off other interfaces in the computer including wifi and virtual machine interfaces. After turning off other interfaces, we are able to get multicast stream from Ethernet interface.

UDP Packets IOS 9 LTE Network GCDASYNCUDP

I have a basestation (beaglebone running linux) at my home which is connected to multiple cameras. I connect my iPhone iOS9 to the basestation via TCP and the basestation will stream the video of each camera to a specific UDP port. All is well.
I want to be able to see the cameras when I am not connected to the local network. When my phone is connected to LTE, I have the iPhone connecting to the public address of my router via TCP and with port forwarding, all data is forwarded to the basestation. I am connecting and talking just like it was on the local network with the TCP client. All is well.
The problem is when the video is streamed via UDP on a specific port, no different than when on the local network, the basestation has no problem sending the packets, but the iPhone is not receiving anything. I am using GCDASYNCUDPSOCKET and my cellular carrier is Verizon.
I am wondering if this issue is due to Verizon blocking UDP packets? Or possibly there needs to be something else done other than just binding the iPhone UDP socket to a specific port and calling the beginreceiving function. I feel if it works on the local network, it should work on the cellular network.
I have also tried to ping the address of my cellphone from my computer which does not work. I am guessing the reason is because the iPhone has blocked this. It should be no different than pinging the address of google or anything else.
Please give me some insight on the possible issues or work arounds. I don't think I need to port forward the UDP since it is only outgoing and my Netgear router does not limit any outbound traffic (from the router to the iPhone). I was doing all this TCP before trying to send the video via UDP. It is much slower waiting to receive acks for 5 cameras streaming live video. And when it doesn't receive a packet it backs up the buffer and causes more issues. Also I had an issue with the TCP packets combining together so then I had to implement some kind of custom ack which made the delay worse, or add an end of message, but then it slows down on parsing and since I don't know exactly what data is coming it made things more difficult.
UDP is the way to go, just cannot receive the packets at this time. My understanding is a lot of games use UDP and they work on LTE network, so I'm not quite sure what the problem is. Is there special UDP ports that only work with Verizon?

Is it possible to sniff packets from/to chromecast dongle while doing screen mirror?

I want to observe streams between the original screen mirrored from and the target screen mirrored to to check something like frame loss, thus I'm thinking to sniff packets between sender and receiver.
Is there any plugins for Wireshark which enables me to do that..?
What you have to do is to route the network traffic through some network node that you can sniff on. Like your laptop.
I would connect the laptop to the Internet through ethernet and make a wifi hotspot on it. Then tell chromecast to connect to your hotspot. Now you're in the middle between chromecast and the Internet. Wireshark should be able to capture the traffic without any specific plugins.
Make sure you've enabled routing between ethernet and wifi hotspot.

Resources