This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wlan monitoring a ping: inside the network only 2 packets, outside 4

0

I have the following network setup:

PC1           monitor node (not connected to the ssid)
PC3           access point 
PC5           client1
PC6           client2

I monitor the traffic on PC1 using Wireshark and PC3 using tcpdump.

When I ping from PC6 to PC5, I can see 4 packets on PC1: 2 Echo requests which travel from PC6 to AP and then to PC5 (mac addresses are adapted on the way) and 2 Echo replies which go the same wa y back.

However, when I am monitoring the traffic inside the network on PC3, I can only see two packets: 1 Echo request from PC6 to PC5 and one reply back. So, the MAC address changes seem to be hidden inside the network.

Why are there only 2 packets when monitoring inside the network and 4 when looking at it from an outside monitor?

asked 11 Jul '13, 04:42

Parsifal's gravatar image

Parsifal
1111
accept rate: 0%

One Answer:

0

However, when I am monitoring the traffic inside the network on PC3

If this is your AP, what OS is this and how did you setup the Soft-AP?

How did you capture the traffic?

Regards
Kurt

answered 11 Jul '13, 04:54

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

We use grml as OS, a Debian derivative. The Soft-AP is setup using hostapd, without encryption. We captured the traffic on PC1 using monitor mode and Wireshark, on PC3 using tcpdump. Thanks!

(11 Jul '13, 06:15) Parsifal

can you please post the whole tcpdump command you were using on PC3?

(11 Jul '13, 06:24) Kurt Knochner ♦