tcpdump mailing list archives

capturing 802.11 station attachment/detachment traffic


From: Michael Richardson <mcr () sandelman ca>
Date: Mon, 22 Sep 2025 12:15:14 -0400


I have problems with wifi in my kitchen/Den.  This has gone on for some years
through a number of different access points.  What I think is that some
neighbour has non-compliant equipment (provided by a malicious incumbent
telco) that uses 802.11g without fallback, kicking my equipment out.

This happens most often in the evening, during "prime TV" time.
I think that I need to be capturing from the wifi monitor interface.
That does not seem to still be a thing, so I'm not sure what to do.
Some sequence of "ip link" or "iwconfig mode monitor" commands to turn the
interface on, not associated with any SSID, and just listen.   But, what
channel?   I obviously do not want to capture the entire netflix stream, but
maybe -W filecount is the right answer to avoid missing stuff.

Maybe there are tools that I'm unaware of that are specialized for this kind of
thing.   Wavemon would be ideal for this, but it needs to capture info to a file.

Aside from Linux laptops with Intel wifi, I have many USB wireless devices
that were purchased with the hope that they supported VLAN tagging for
traffic separation, but many had out-of-kernel drivers that were ...
(my mother said not to say anything rather than be mean)

I don't think I can/should capture from the AP, as I don't think it will see
if there is a rogue station Disassociations kicking devices off.
The other possibility is that the lack of 802.11g backoff means that my AP
just never is able to get a beacon out, and clients give up.

(I suspect the Roku TV crashes when the network goes away unexpectedly.  It
restarted 6 times on Sat night, and finally we gave up watching Death in
Paradise)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [


_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
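A capture setup along the lines the message describes, as an added example that is not part of the original post: the interface is put into monitor mode without associating, and tcpdump keeps only 802.11 management frames in a fixed-size ring of files. The interface name `wlan0`, channel 6, the output directory and the size limits are assumptions to adjust.

```shell
#!/bin/sh
# Added example: passive capture of 802.11 management frames into a ring buffer.
# Assumed values (not from the post): interface, channel, directory, sizes.
IFACE="${IFACE:-wlan0}"                  # assumed wireless interface name
CHANNEL="${CHANNEL:-6}"                  # assumed: the channel your own AP uses
OUTDIR="${OUTDIR:-/var/tmp/wifi-mgmt}"   # assumed output directory
SNAPLEN=256      # -s: headers and reason codes fit; long beacons are truncated
FILE_MB=20       # -C: start a new file after about 20 million bytes
FILE_COUNT=48    # -W: keep at most 48 files, then overwrite the oldest

# pcap-filter expression: management frames only (beacon, probe, auth,
# deauth, disassoc). Data frames such as a video stream are never written.
mgmt_filter() { printf '%s' 'type mgt'; }

# Upper bound on disk use of the ring, in millions of bytes.
ring_budget_mb() { echo $((FILE_MB * FILE_COUNT)); }

# Switch the interface to monitor mode, unassociated, on one fixed channel.
enter_monitor_mode() {
    ip link set "$IFACE" down &&
    iw dev "$IFACE" set type monitor &&
    ip link set "$IFACE" up &&
    iw dev "$IFACE" set channel "$CHANNEL"
}

# Capture with radiotap headers (signal strength per frame) into the ring.
run_capture() {
    mkdir -p "$OUTDIR" &&
    tcpdump -i "$IFACE" -y IEEE802_11_RADIO -s "$SNAPLEN" \
        -C "$FILE_MB" -W "$FILE_COUNT" -w "$OUTDIR/mgmt.pcap" "$(mgmt_filter)"
}

# Afterwards: list deauthentication/disassociation frames with wall-clock
# timestamps and 802.11 addresses, to line up against the evening outages.
show_kicks() {
    for f in "$OUTDIR"/mgmt.pcap*; do
        tcpdump -e -tttt -r "$f" 'subtype deauth or subtype disassoc'
    done
}

case "${1:-}" in
    start) enter_monitor_mode && run_capture ;;
    show)  show_kicks ;;
esac
```

When started as root, tcpdump changes to an unprivileged user before opening the output files (see `-Z` in its man page), so the output directory has to be writable by that user.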