Hi everybody,

I am using an Alfa AWUS036H USB WiFi device with Arch Linux (kernel 4.3.3) to capture WiFi traffic. I have set up an open access point which should be easy to sniff. I tried for many days but couldn't catch any TCP data. There were numerous protocols like 802.11 broadcasts, NBNS, UDP, ICMPv6, ARP, SSDP, LLMNR etc. but no TCP. Then I booted a live Kali CD and repeated the same procedure exactly. This time everything worked fine and there was plentiful TCP traffic.

My question is: while both Arch and Kali systems are using the same driver (rt2800usb), why can't I capture TCP on Arch?

Regards

Edit: Just tested everything once again. Both Kali and Arch are using version 2.3.0 of the rt2800usb driver. I put the device in monitor mode using 'airmon-ng start wlan0'. Then I start capturing data using 'airodump-ng wlan0mon', so I start seeing info about nearby access points. At this stage I start data capture in Wireshark. From here onwards, Kali gives loads of TCP data but Arch doesn't capture a single TCP packet.

asked 10 Jan '16, 10:30 fulcrumm
edited 10 Jan '16, 14:48
One Answer:
If you really (really) repeated the EXACT same procedure on both systems, the only logical answer would be: the driver version in Arch Linux and Kali is different, and that's the reason why it fails on Arch and works on Kali.

Regards

answered 10 Jan '16, 13:08 Kurt Knochner ♦
Please see the updated post.
O.K. then maybe different versions of libpcap, Wireshark or even airodump-ng?
Yes, Kali and Arch were using different versions of all these software. It took hours but I was finally able to install the same versions on Arch as those on Kali (libpcap 1.6.2, aircrack-ng 1:1.2-2-rc2, wireshark 1.12.6). Still no luck capturing any TCP.
O.K. one last thing. Can you please check TCP offloading in both kernels?
Is there any difference that could explain the behaviour?