
#1 2012-01-08 16:32:45

Morfir
Member
From: In The Valley Of The Walls
Registered: 2011-11-10
Posts: 3

Wireshark Packetloss between Arch-64 and Backtrack-32

Hey Guys,

I was not going to post this here, but I have a feeling it might have something to do with Arch. First let me give you a little background. I typically run BackTrack whenever I am doing any form of security analysis; however, recently I have started using Arch because I use it as my main distro and it is more convenient than rebooting into Bt5. Currently I am working on going through the Security tube WiFi Mega-Primer series, trying to learn all of the theory behind packet analysis... I would highly recommend this to anyone interested in doing the same. Anyway, I am trying to repeat his results of setting up a WEP encrypted access point, and having an "attacker" computer monitor the traffic while decrypting it using Wireshark. It should be very basic stuff, but I keep running into a packet loss that I only experience when I am using Arch. My typical procedure looks something like this:

1. Drop the card (Alfa dongle) into monitor mode
2. Fire up Wireshark and start sniffing on mon0 (Filtering out anything except traffic coming to or from my test AP)
3. Then I go for a simple WEP association and authentication using a separate device, typically a laptop.

Here is where the problem begins. On a completely separate machine running Bt5 using the same procedure above, I see the complete association and authentication from both parties. On my Arch machine running Wireshark, I only saw a single packet from the association. So I am thinking OK, packet loss, not a big deal. So I keep going and after a little while I realize that the Arch machine is only picking up a fraction of the packets that the Bt5 machine is picking up while running them both simultaneously. So here is my question:

Why am I only experiencing a packet loss using Wireshark on Arch and not Bt5?

Both machines are using two of the same Alfa cards, both of them are within 3 feet of each other, and they both are running the latest Wireshark rebuilt from source code.

The only real difference is that one machine is using Arch 64 bit and the other is using Bt5 32 bit.

Can anyone explain this difference in packet capture?

I can post screenshots, capture files, logs, whatever, just let me know, but I don't understand how this can be happening.


Regards,

Morfir


#2 2012-01-13 14:16:49

clovenhoof
Member
From: Bulgaria
Registered: 2010-09-16
Posts: 82

Re: Wireshark Packetloss between Arch-64 and Backtrack-32

I'm also experiencing packet loss in my home wireless network. Until a month (or two) ago everything was OK. I suspect something is wrong in the kernel and am waiting for linux-3.2.1.
I noticed packet loss after ssh-ing to another machine in my LAN. At the beginning (ssh-ing) everything was fine, but after some random moment my ping to the home router gets increased time and ssh-ing lags.

Last edited by clovenhoof (2012-01-13 14:17:15)
