Hello!
I've faced strange behavior of sniffer. I am trying to capture traffic between Google Home Mini and router.
I see all packets in Wireshark, but ESP promiscuous callback does not deliver some packets. All radio parameters are the same, 11n, SGI, MCS 7, not HT.
I found that I the sniffer delivers packets with successive sequence numbers, but these packets mostly are TCP ACKs that have sequence number in 802.11 MAC header the same as the ACKed packet. I suspect, that WiFi receiver in ESP does replace existing in RX buffer packet with the same sequence number. In consequence, I got only last ACK packet.
Can you confirm such behavior?
Thanks!
promiscuous mode
-
thethinker
- Posts: 57
- Joined: Thu Mar 01, 2018 1:26 am
Re: promiscuous mode
Hi there,
I believe I have observed this too, I have another sniffer sitting right next to it on the same Channel, both just sniffing management packets of type Proberequest. The Esp32 seems to be getting only fraction of the total probes. Looking at the data, it's doing exactly as you stated. Probes with similar content and different sequence numbers that are being broadcasted at the same burst are being filtered/replaced in the buffer.
You are the first person other than me who has ever talked about this, up until now I have been fighting it and thinking its me, but you just confirmed it.
Can somebody at esp please help us? Is there a way to get all the sniffed packets? This is an urgent need for me
I believe I have observed this too, I have another sniffer sitting right next to it on the same Channel, both just sniffing management packets of type Proberequest. The Esp32 seems to be getting only fraction of the total probes. Looking at the data, it's doing exactly as you stated. Probes with similar content and different sequence numbers that are being broadcasted at the same burst are being filtered/replaced in the buffer.
You are the first person other than me who has ever talked about this, up until now I have been fighting it and thinking its me, but you just confirmed it.
Can somebody at esp please help us? Is there a way to get all the sniffed packets? This is an urgent need for me
-
atlascoder
- Posts: 51
- Joined: Wed Aug 30, 2017 12:36 pm
Re: promiscuous mode
Hi, thethinker!
Thanks for your post! I hope we will get some answer))
Thanks for your post! I hope we will get some answer))
-
thethinker
- Posts: 57
- Joined: Thu Mar 01, 2018 1:26 am
Re: promiscuous mode
Any of the ESP guys willing to help us with this please? It has been a while.
Re: promiscuous mode
I am not an ESP guy, but the esp32 can only look at one channel at a time, and not even on one channel only it have the power to collect all packets in the air.
Just my 2 cent
Just my 2 cent
-
thethinker
- Posts: 57
- Joined: Thu Mar 01, 2018 1:26 am
Re: promiscuous mode
Thank you for the suggestionAgree007 wrote:I am not an ESP guy, but the esp32 can only look at one channel at a time, and not even on one channel only it have the power to collect all packets in the air.
Just my 2 cent
at least you answered! I'm fully aware of that I'm talking on the same channel.-
amitsharma1598
- Posts: 2
- Joined: Wed Sep 15, 2021 8:21 am
Re: promiscuous mode
I think its very late but I started working on sniffing with esp32 since only 3-4 months, Iam able to capture a few packets on one channel(hopping channel is possible but not recommended).I decrypted the DATA packets using Wireshark(I have the PSK and captured EAPOL packets). I still did not find a way to decrypt the packets on runtime using aes functions.
Who is online
Users browsing this forum: ok-home and 126 guests