0

I'm troubleshooting some issues with my wireless network (OpenWrt 19.x and mobile device) and I came across this: https://dot11.exposed/2017/09/20/violation-of-802-11-standard-intel-wireless-cards-send-40mhz-intolerant-bit-in-5ghz/

Most notably, this particular shot of the capture: [screenshot]

This is exactly what I'm looking for, but I can't figure out how to capture that information.
`ssh root@myRouter tcpdump -i wlan1 -U -e -s0 -w - 'not port 22' | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -` gets me only basic post-handshake info (four IEEE802.11x messages) and then it jumps straight into DHCP. But I need to get full info on the capabilities both router and device send each other to see what's up.

KreonZZ

1 Answer

1

The feature to be able to read frames without association is called monitor mode.

Just like promiscuous mode for reading packets not addressed to the host, this IEEE 802.11 counterpart instructs the card and driver to make those frames available.

tcpdump is able to automatically enable it for you, using the `-I` option. Note that activating it "might disassociate from the network with which it's associated", meaning you might get disconnected if that card was also your only link to the web. And if your driver is bad, you might even need to reboot to get the card back to its normal mode of operation.

anx
  • Huh, what does the last quote part mean? – KreonZZ Jan 16 '21 at 15:04
  • You got me confused: is this operation not reversible? Does it require a firmware reflash to get rid of the consequences? – KreonZZ Jan 17 '21 at 03:45
  • No, the worst you will need is a reboot. In theory the card is meant to allow you to switch between modes arbitrarily. In practice, and to this day not uncommonly, things can get stuck or misbehave as most manufacturers are being rather uncooperative about providing & supporting proper drivers. – anx Jan 17 '21 at 04:45
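
Once a monitor-mode capture contains management frames, the capabilities the question asks about (including the 40 MHz intolerant bit from the linked article) sit in the HT Capabilities element of beacons, probe responses and (re)association frames. The decoder below is an added example, not part of the original answer; the function names and the sample frame are constructed, and it assumes the radiotap header is already stripped and the frame carries no HT Control field.

```python
import struct

# Fixed-field bytes that follow the 24-byte MAC header, keyed by management
# subtype: assoc-req, assoc-resp, reassoc-req, reassoc-resp, probe-resp, beacon.
FIXED_LEN = {0: 4, 1: 6, 2: 10, 3: 6, 5: 12, 8: 12}
HT_CAPABILITIES_ID = 45

def iter_elements(body):
    """Yield (element_id, value) pairs; stop cleanly on a truncated element."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            return
        yield eid, value
        pos += 2 + length

def ht_capabilities(frame):
    """Decode selected HT Capabilities Info bits from a management frame.
    Returns None for other frame types or when no HT element is present."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    for eid, value in iter_elements(frame[24 + FIXED_LEN[subtype]:]):
        if eid == HT_CAPABILITIES_ID and len(value) >= 2:
            (info,) = struct.unpack_from("<H", value)  # little-endian 16 bits
            return {
                "supports_40mhz": bool(info & (1 << 1)),
                "short_gi_20": bool(info & (1 << 5)),
                "short_gi_40": bool(info & (1 << 6)),
                "forty_mhz_intolerant": bool(info & (1 << 14)),
            }
    return None

def sample_assoc_request(info):
    """Constructed association request: zeroed addresses, SSID 'test'."""
    header = bytes(24)                      # frame control 0x0000 = assoc-req
    fixed = struct.pack("<HH", 0x0431, 10)  # capability info, listen interval
    ssid = bytes([0, 4]) + b"test"
    ht = bytes([HT_CAPABILITIES_ID, 26]) + struct.pack("<H", info) + bytes(24)
    return header + fixed + ssid + ht

if __name__ == "__main__":
    print(ht_capabilities(sample_assoc_request(0x4062)))
```

Comparing the decoded element from the router's beacon with the one in the client's association request shows which side is advertising the restriction.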