Not remove interface when wpa_supplicant shuts down

Pavel Roskin proski at gnu.org
Tue Jun 15 18:13:03 EDT 2010


On Mon, 2010-06-14 at 01:17 +0100, Panagiotis Georgopoulos wrote:

> 	Well, am I not correct in thinking though, that getting another
> device to sniff packets (get a wifi card to monitor in promiscuous mode) is
> counter with the end goal of securing and authenticating a client
> successfully? I guess that the new device will not be able to see *all* the
> packets as the AP sees them, and more specifically not see their content
> unencrypted. Unless you  suggest to remove security as much possible for the
> sake of debugging, but in the end that is what I want to debug... am I
> missing something obvious in your suggestion?

I think you have unrealistic expectations.  I don't think there is a
universal way to get all traffic (not just data frames) in unencrypted
form from one interface.

You'll get encrypted data on the air, but you'll still have some
information, such as the frame types and timings, which may be useful
for debugging.

There are command line tools for decryption, such as the openssl binary
that comes with OpenSSL.  You should be able to decrypt the traffic.
Alternatively, you can dump the specific packets by changing the code of
hostapd or the kernel.

-- 
Regards,
Pavel Roskin


More information about the HostAP mailing list