Hi,
Roger James reported that capturing wireless data on monitor
interfaces created by Wireshark only capture frames to/from BSSID of
the monitor interface. This was solved using iw by setting otherbss
monitor flag. See Wireshark mailing list thread here:
https://www.wireshark.org/lists/wireshark-dev/201601/msg00031.html
I suggested a patch to handle this within Wireshark:
https://code.wireshark.org/review/#/c/13219
Now before merging I hope to get some feedback here if this is safe
for the general case? For most users/drivers it appears explicitly
setting the flag is not needed.
/Mikael
On Wed, 2016-01-13 at 08:58 +0100, Mikael Kanstrup wrote:
> Hi,
>
> Roger James reported that capturing wireless data on monitor
> interfaces created by Wireshark only capture frames to/from BSSID of
> the monitor interface. This was solved using iw by setting otherbss
> monitor flag. See Wireshark mailing list thread here:
> https://www.wireshark.org/lists/wireshark-dev/201601/msg00031.html
>
> I suggested a patch to handle this within Wireshark:
> https://code.wireshark.org/review/#/c/13219
>
> Now before merging I hope to get some feedback here if this is safe
> for the general case? For most users/drivers it appears explicitly
> setting the flag is not needed.
>
It should be safe I think. However, it's really only necessary if the
monitor interface isn't the only interface in the system, and more
generally, if that's the case, monitoring may always be less reliable
(though very much depending on the driver.)
However, I'm not entirely happy with this patch (by default, and not
configurable) since we routinely use wireshark (and often tcpdump,
which isn't affected) to debug things where "otherbss" is *not* desired
since we really might *want* to have only packets from the BSS to debug
issues within, and to not affect the wifi NICs operation.
Could it perhaps be made configurable?
johannes