Is IPW2200 monitoring FW still broken?
I miss huge amounts of packets when I try to monitor
some traffic.
I'm using current wireless-2.6 + v3.0 firmware.
Using two antennas.
--
Greetings Michael.
Michael Buesch wrote:
> Is IPW2200 monitoring FW still broken?
> I miss huge amounts of packets when I try to monitor
> some traffic.
>
> I'm using current wireless-2.6 + v3.0 firmware.
>
> Using two antennas.
>
What type of frames? Data or management & control?
If you use wireshark to capture, you can't update the packet capture
window or you'll lose packets; but you should be able to get them all if
you're doing a tethereal > somefile or if you turn off the update of the
main window.
I'm not sure if it can capture control frames or not. I seem to recall
it getting some ACK frames but I don't think it was passing up all of
them, or if it ever passed up the CTS frames. But you should be getting
the bulk of the data frames.
Yi -- do you recall what the ipw2200 firmware would pass up?
James
On Thursday 15 February 2007 19:07, James Ketrenos wrote:
> Michael Buesch wrote:
> > On Thursday 15 February 2007 18:43, James Ketrenos wrote:
> >> Michael Buesch wrote:
> >>> On Thursday 15 February 2007 17:35, James Ketrenos wrote:
> >>>> you can't update the packet capture
> >>>> window or you'll lose packets; but you should be able to get them all if
> >>>> you're doing a tethereal > somefile or if you turn off the update of the
> >>>> main window.
> >>> "update of the packet capture window". What's that?
> >>> I started a simple traffic monitoring in wireshark. Nothing fancy.
> >> In the 'Capture Options', the only option you can set is 'Hide capture
> >> info dialog'. If you turn on 'Update list of packets in real time' or
> >> 'Automatic scrolling in live capture', packets get dropped. I don't
> >> know if its a libpcap queue that fills up, if it starves the NIC, or
> >> what--but having those turned on greatly reduces the # of packets you'll
> >> capture.
> >
> > Hm, yeah. I have that turned on. But I don't see this issue
> > when monitoring with bcm43xx hardware.
> >
>
> I had read about it on a libpcap forum a while ago (it wasn't an ipw2x00
> issue that was being discussed); I never looked into the root cause of
> it since I figured it was 'just the way it was'.
>
> If you turn it off, does the # of packets captured improve w/ the ipw2200?
No. packet (beacon) sequence numbers from my AP are:
201, 202, 204, 205, 206, 209...
Just as an example.
--
Greetings Michael.
On Thursday 15 February 2007 17:35, James Ketrenos wrote:
> Michael Buesch wrote:
> > Is IPW2200 monitoring FW still broken?
> > I miss huge amounts of packets when I try to monitor
> > some traffic.
> >
> > I'm using current wireless-2.6 + v3.0 firmware.
> >
> > Using two antennas.
> >
>
> What type of frames? Data or management & control?
Well, I saw beacons from my AP getting lost an I immediately gave up.
> If you use wireshark to capture,
I do.
> you can't update the packet capture
> window or you'll lose packets; but you should be able to get them all if
> you're doing a tethereal > somefile or if you turn off the update of the
> main window.
"update of the packet capture window". What's that?
I started a simple traffic monitoring in wireshark. Nothing fancy.
> I'm not sure if it can capture control frames or not. I seem to recall
> it getting some ACK frames but I don't think it was passing up all of
> them, or if it ever passed up the CTS frames. But you should be getting
> the bulk of the data frames.
>
> Yi -- do you recall what the ipw2200 firmware would pass up?
It never passed up ACK frames for me. But that's ok.
--
Greetings Michael.
On Thursday 15 February 2007 18:43, James Ketrenos wrote:
> Michael Buesch wrote:
> > On Thursday 15 February 2007 17:35, James Ketrenos wrote:
> >> you can't update the packet capture
> >> window or you'll lose packets; but you should be able to get them all if
> >> you're doing a tethereal > somefile or if you turn off the update of the
> >> main window.
> >
> > "update of the packet capture window". What's that?
> > I started a simple traffic monitoring in wireshark. Nothing fancy.
>
> In the 'Capture Options', the only option you can set is 'Hide capture
> info dialog'. If you turn on 'Update list of packets in real time' or
> 'Automatic scrolling in live capture', packets get dropped. I don't
> know if its a libpcap queue that fills up, if it starves the NIC, or
> what--but having those turned on greatly reduces the # of packets you'll
> capture.
Hm, yeah. I have that turned on. But I don't see this issue
when monitoring with bcm43xx hardware.
--
Greetings Michael.
Michael Buesch wrote:
> Is IPW2200 monitoring FW still broken?
> I miss huge amounts of packets when I try to monitor
> some traffic.
I had the same problem with ipw2200 once. I lost the hardware before I
had a chance to dig into it, but then noticed ipw3945 on my laptop doing
the same thing.
I've now narrowed it down a bit further: if i load ipw3945/ipw3945d and
associate to a network in managed mode before switching to monitor mode,
then when monitoring I only see about 1/4 of all traffic.
But, if I load the driver and go straight into monitor mode, things are
peachy. Maybe the same thing is happening for ipw2200?
Daniel
Michael Buesch wrote:
> On Thursday 15 February 2007 18:43, James Ketrenos wrote:
>> Michael Buesch wrote:
>>> On Thursday 15 February 2007 17:35, James Ketrenos wrote:
>>>> you can't update the packet capture
>>>> window or you'll lose packets; but you should be able to get them all if
>>>> you're doing a tethereal > somefile or if you turn off the update of the
>>>> main window.
>>> "update of the packet capture window". What's that?
>>> I started a simple traffic monitoring in wireshark. Nothing fancy.
>> In the 'Capture Options', the only option you can set is 'Hide capture
>> info dialog'. If you turn on 'Update list of packets in real time' or
>> 'Automatic scrolling in live capture', packets get dropped. I don't
>> know if its a libpcap queue that fills up, if it starves the NIC, or
>> what--but having those turned on greatly reduces the # of packets you'll
>> capture.
>
> Hm, yeah. I have that turned on. But I don't see this issue
> when monitoring with bcm43xx hardware.
>
I had read about it on a libpcap forum a while ago (it wasn't an ipw2x00
issue that was being discussed); I never looked into the root cause of
it since I figured it was 'just the way it was'.
If you turn it off, does the # of packets captured improve w/ the ipw2200?
James
Michael Buesch wrote:
> On Thursday 15 February 2007 17:35, James Ketrenos wrote:
>> you can't update the packet capture
>> window or you'll lose packets; but you should be able to get them all if
>> you're doing a tethereal > somefile or if you turn off the update of the
>> main window.
>
> "update of the packet capture window". What's that?
> I started a simple traffic monitoring in wireshark. Nothing fancy.
In the 'Capture Options', the only option you can set is 'Hide capture
info dialog'. If you turn on 'Update list of packets in real time' or
'Automatic scrolling in live capture', packets get dropped. I don't
know if its a libpcap queue that fills up, if it starves the NIC, or
what--but having those turned on greatly reduces the # of packets you'll
capture.
James
On Sunday 18 February 2007 04:41, Daniel Drake wrote:
> Michael Buesch wrote:
> > Is IPW2200 monitoring FW still broken?
> > I miss huge amounts of packets when I try to monitor
> > some traffic.
>
> I had the same problem with ipw2200 once. I lost the hardware before I
> had a chance to dig into it, but then noticed ipw3945 on my laptop doing
> the same thing.
>
> I've now narrowed it down a bit further: if i load ipw3945/ipw3945d and
> associate to a network in managed mode before switching to monitor mode,
> then when monitoring I only see about 1/4 of all traffic.
>
> But, if I load the driver and go straight into monitor mode, things are
> peachy. Maybe the same thing is happening for ipw2200?
I went straight into monitor mode.
--
Greetings Michael.
On Thu, 2007-02-15 at 08:35 -0800, James Ketrenos wrote:
> If you use wireshark to capture, you can't update the packet capture
> window or you'll lose packets; but you should be able to get them all if
> you're doing a tethereal > somefile or if you turn off the update of the
> main window.
I don't have that problem with bcm43xx at all, my machine can keep up
quite easily.
johannes