hostapd n00b wants to capture all traffic sent / received by BSS - use hostapd?

Kennedy, Smith (Wireless Architect) smith.kennedy at hp.com
Mon Oct 12 18:24:01 EDT 2015


Thanks, Jouni.  I wondered if that was the case.  I will look into virtual monitor sockets.  If you or others could provide me with any links to documentation on setting up "virtual monitor sockets", that would be a big help.

Smith



> On 2015-10-12, at 3:12 PM, Jouni Malinen <j at w1.fi> wrote:
> 
> On Mon, Oct 12, 2015 at 05:37:50PM +0000, Kennedy, Smith (Wireless Architect) wrote:
>> After considering this and reading a bit, a second interface won't meet my objectives.  What I'm really after is a tee to be inserted between hostapd and the 802.11 adapter so that I can capture all 802.11 frames (data, management, everything) passed into the AP (in this case, hostapd), as well as all traffic sent by hostapd to the radio adapter.
>> 
>> I don't know how if hostapd has a built-in option or feature to dump this to a file or pipe, but I've not found one in the hostapd.conf documentation or the man pages yet.  Or maybe the mechanism hostapd uses to interface with the NIC(s) it is controlling provides a "tee" mechanism?  
> 
> Please keep in mind that hostapd does not touch almost any of the Data
> frames going through the AP. The only Data frames it uses are related to
> authentication and key setup (EAPOL frames, RSN pre-authentication) and
> if ProxyARP is enabled, some of ARP/NS/NA frames. If you want to get a
> pretty complete set of frames going through the AP, I would use a
> virtual monitor socket assuming this is with a mac80211-based driver. In
> any case, hostapd is not the place to look for Data frames in general
> (they won't hit user space at all for forwarding cases; never mind
> hitting hostapd).
> 
> -- 
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4956 bytes
Desc: not available
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20151012/6a5ed28b/attachment.bin>


More information about the HostAP mailing list