From: Johannes Berg <johannes@sipsolutions.net>
To: Mikael Kanstrup <mikael.kanstrup@gmail.com>,
linux-wireless@vger.kernel.org
Subject: Re: Advice about otherbss monitor flag for Wireshark use
Date: Wed, 13 Jan 2016 09:24:31 +0100 [thread overview]
Message-ID: <1452673471.2191.2.camel@sipsolutions.net> (raw)
In-Reply-To: <CACZXzRCSnc_5vTBRVpX7Z1eY8JtAeeOux_UQknbRCvj5ysbAFQ@mail.gmail.com> (sfid-20160113_085813_855380_BD3C4A26)
On Wed, 2016-01-13 at 08:58 +0100, Mikael Kanstrup wrote:
> Hi,
>
> Roger James reported that capturing wireless data on monitor
> interfaces created by Wireshark only capture frames to/from BSSID of
> the monitor interface. This was solved using iw by setting otherbss
> monitor flag. See Wireshark mailing list thread here:
> https://www.wireshark.org/lists/wireshark-dev/201601/msg00031.html
>
> I suggested a patch to handle this within Wireshark:
> https://code.wireshark.org/review/#/c/13219
>
> Now before merging I hope to get some feedback here if this is safe
> for the general case? For most users/drivers it appears explicitly
> setting the flag is not needed.
>
It should be safe I think. However, it's really only necessary if the
monitor interface isn't the only interface in the system, and more
generally, if that's the case, monitoring may always be less reliable
(though very much depending on the driver.)
However, I'm not entirely happy with this patch (by default, and not
configurable) since we routinely use wireshark (and often tcpdump,
which isn't affected) to debug things where "otherbss" is *not* desired
since we really might *want* to have only packets from the BSS to debug
issues within, and to not affect the wifi NICs operation.
Could it perhaps be made configurable?
johannes
prev parent reply other threads:[~2016-01-13 8:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-13 7:58 Advice about otherbss monitor flag for Wireshark use Mikael Kanstrup
2016-01-13 8:24 ` Johannes Berg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1452673471.2191.2.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=mikael.kanstrup@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).