[Cerowrt-devel] [Bloat] capturing packets and applying qdiscs
Richard Smith
smithbone at gmail.com
Fri Mar 27 14:13:17 EDT 2015
On 03/27/2015 01:21 PM, Aaron Wood wrote:
> Using the following filter in Wireshark should get you all that 6Mbps
> traffic:
>
> radiotap.datarate == 6
Thanks. I'd not discovered that yet although I have so much of it that
finding 6mbit packets is not much of a problem.
> Then it's pretty easy to dig into what those are (by wifi frame-type, at
> least). At my network, that's mostly broadcast traffic (AP beacons and
> whatnot), as the corporate wifi has been set to use that rate as the
> broadcast rate.
Yeah. Beacons are supposed to be that low but that's only every 100ms.
On my network its there are loads of data packets that are sent at 6mbit.
> without capturing the WPA exchange, the contents of the data frames
> can't be seen, of course.
And this is where I seem to stall out. Even when I capture the full WPA
exchange I only have limited success at getting wireshark to decode all
my traffic.
I have more success with using airdecap-ng decoding and then feeding
that to wireshark but there are still times when it can't decode things
and I can't see why. The full WPA exchange is clearly visible in the
packet capture.
--
Richard A. Smith
More information about the Cerowrt-devel
mailing list