
capture traffic on an access point


We are having some problems at my Bridge club where we use tablets to do scoring. The result of a hand is sent over wifi to the scoring machine but sometimes a tablet reports "no response" and we usually have to turn wifi off and on on a tablet to get it to work again.

I would like to use Wireshark to capture the transaction between a tablet and an access point when it goes wrong. I can find out the IP address of the access point and the tablet and I know how to filter in Wireshark, but how do I tell Wireshark to monitor the traffic on the remote access point? I assume my laptop needs to be connected to the same LAN as the access point.

By the way, I tried Wireshark out at my home with the Bridge scoring software running and my tablet reported an error - it didn't get the feedback from the scoring machine that it was supposed to. When I looked in Wireshark it said "TCP out of order", i.e. Wireshark reported the fault and it was a real fault. Any idea what this fault means? I wouldn't have thought this was possible - TCP should retry and get the data through but it didn't and the tablet reported "no response".

Thanks for any help.

atom
asked 2019-02-18 12:15:18 +0000

Comments

You would need AirPcap to capture wireless traffic between your AP and a tablet. Alternatively some WiFi adapters can be set to monitor mode in Linux.
Linux compatible USB adapters

AirPcap link

net_tech (2019-02-18 12:45:59 +0000)

Thank you, so TP-Link TL-WN722N V1 Atheros AR9271 2.4GHz 802.11N External is our choice, since other models are less known.

darius (2019-02-18 12:56:52 +0000)

@net_tech Thanks

atom (2019-02-18 20:24:04 +0000)

Is the comment from darius spam?

atom (2019-02-18 20:24:26 +0000)

Presumably the bridge scoring software is running on a server somewhere; is that run by you or somewhere out on the internet?

Capturing the WiFi traffic is a lot harder than capturing over a wired network, and if you can arrange the latter you should do so. Either capture on the AP itself if it supports capturing or by a tap or switch with a mirror port upstream of the AP. There are Wiki pages on WLAN Capture and Ethernet Capture that might help.

Before you dive into capturing though, you must understand the "system" and what traffic is occurring and then plan your capture points, especially as this is an intermittent problem. Presumably the tablets connect to the AP and that then routes traffic to the bridge scoring software running on a server somewhere. The application on the tablet or the server, or the AP itself may have log ... (more)

grahamb (2021-06-19 13:04:16 +0000)
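
The wired capture suggested in the comment above, as an added example that is not part of the original thread: a dumpcap ring buffer on a laptop attached to a mirror port or tap upstream of the AP, then a tshark pass listing the TCP segments Wireshark flags. The interface name, the 192.0.2.x addresses and the output directory are assumed values.

```shell
# Added example (not from the thread). Interface, addresses and paths are assumed values.
IFACE="${IFACE:-eth0}"                # assumed: laptop NIC on the mirror port or tap
TABLET_IP="${TABLET_IP:-192.0.2.10}"  # constructed address
SERVER_IP="${SERVER_IP:-192.0.2.20}"  # constructed address
OUT_DIR="${OUT_DIR:-./scoring-capture}"

# Accept only dotted-quad IPv4 so nothing else reaches the capture filter.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# BPF capture filter: only the tablet <-> scoring machine conversation.
capture_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    printf 'host %s and host %s' "$1" "$2"
}

# Ring buffer of 20 files of about 10 MB each (filesize is in kB); the oldest file is
# overwritten, so this can run all session and be stopped right after a "no response".
start_capture() {
    filter=$(capture_filter "$TABLET_IP" "$SERVER_IP") || return 1
    mkdir -p "$OUT_DIR"
    dumpcap -i "$IFACE" -f "$filter" -b filesize:10240 -b files:20 -w "$OUT_DIR/scoring.pcapng"
}

# Display filter for the TCP analysis flags to look at first.
TROUBLE_FILTER='tcp.analysis.out_of_order || tcp.analysis.retransmission || tcp.analysis.lost_segment'

list_tcp_trouble() {
    for f in "$OUT_DIR"/*.pcapng; do
        [ -e "$f" ] || continue
        echo "== $f"
        tshark -r "$f" -Y "$TROUBLE_FILTER" -T fields \
            -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e tcp.stream -e tcp.seq
    done
}

case "${1:-}" in
    capture) start_capture ;;
    analyze) list_tcp_trouble ;;
esac
```

Invoke the script with `capture` during a session and with `analyze` afterwards.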

1 Answer


Best is to get a monitor mode wifi adapter with Atheros AR9271 chipset.

eleengreen
answered 2021-06-18 21:16:14 +0000
