ifconfig wlan0 promisc 与 iw wlan0 set type monitor 区别
2016-01-05 17:16
435 查看
Monitor mode (RFMON) enables a wireless nic to capture packets without associating with an access point or ad-hoc network. This is desireable in that you can choose to "monitor" a specific channel, and you need never transmit any packets. In fact transmiting
is sometimes not possible while in monitor mode (driver dependent). Another aspect of monitor mode is that the NIC does not care whether the CRC values are correct for packets captured in monitor mode, so some packets that you see may in fact be corrupted.
Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks. Monitor mode is one of the six modes that 802.11 wireless cards can operate in: Master (acting as an access point), Managed (client, also
known as station), Ad-hoc, Mesh, Repeater, and Monitor mode.
Promiscuous mode allows you to view all wireless packets on a network to which you have associated. The need to associate means that you must have some measn of authenticating yourself with an access point. In promiscuous mode, you will not see packets until
you have associated. Not all wireless drivers support promiscuous mode.
One important difference is Promiscuous mode does, indeed, tell the card to process all frames, (i.e. remove 802.11 frame headers ) including those not destined for it.
But, monitor mode tells the card to pass along the frames intact (with 802.11 headers) and not present plain 'ol Ethernet frames to the host。
Reason
In monitor mode the SSID filter mentioned above is disabed and all packets of all SSID's from the currently selected channel are captured.
Even in promiscuous mode, an 802.11 adapter will only supply packets to the host of the SSID the adapter has joined. Although it can receive, at the radio level, packets on other SSID's, it will not forward them to the host.
So in order to capture all traffic that the adapter can receive, the adapter must be put into "monitor mode", sometimes called "rfmon mode". In this mode, the driver will not make the adapter a member of any service set, so it won't support sending any traffic
and will only supply received packets to a packet capture mechanism, not to the networking stack. This means that the machine will not be able to use that adapter for network traffic; if it doesn't have any other network adapters, it will not be able to:
* resolve addresses to host names using a network protocol such as DNS;
* save packets to a file on a network file server;
etc..
Monitor mode is not supported by WinPcap, and thus not by Wireshark or TShark, on Windows.
It is supported, for at least some interfaces, on some versions of Linux, FreeBSD, and NetBSD.
Command to put Wireless card in monitor mode on linux (Use sudo in front, if not in root login)
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
is sometimes not possible while in monitor mode (driver dependent). Another aspect of monitor mode is that the NIC does not care whether the CRC values are correct for packets captured in monitor mode, so some packets that you see may in fact be corrupted.
Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks. Monitor mode is one of the six modes that 802.11 wireless cards can operate in: Master (acting as an access point), Managed (client, also
known as station), Ad-hoc, Mesh, Repeater, and Monitor mode.
Promiscuous mode allows you to view all wireless packets on a network to which you have associated. The need to associate means that you must have some measn of authenticating yourself with an access point. In promiscuous mode, you will not see packets until
you have associated. Not all wireless drivers support promiscuous mode.
One important difference is Promiscuous mode does, indeed, tell the card to process all frames, (i.e. remove 802.11 frame headers ) including those not destined for it.
But, monitor mode tells the card to pass along the frames intact (with 802.11 headers) and not present plain 'ol Ethernet frames to the host。
Reason
In monitor mode the SSID filter mentioned above is disabed and all packets of all SSID's from the currently selected channel are captured.
Even in promiscuous mode, an 802.11 adapter will only supply packets to the host of the SSID the adapter has joined. Although it can receive, at the radio level, packets on other SSID's, it will not forward them to the host.
So in order to capture all traffic that the adapter can receive, the adapter must be put into "monitor mode", sometimes called "rfmon mode". In this mode, the driver will not make the adapter a member of any service set, so it won't support sending any traffic
and will only supply received packets to a packet capture mechanism, not to the networking stack. This means that the machine will not be able to use that adapter for network traffic; if it doesn't have any other network adapters, it will not be able to:
* resolve addresses to host names using a network protocol such as DNS;
* save packets to a file on a network file server;
etc..
Monitor mode is not supported by WinPcap, and thus not by Wireshark or TShark, on Windows.
It is supported, for at least some interfaces, on some versions of Linux, FreeBSD, and NetBSD.
Command to put Wireless card in monitor mode on linux (Use sudo in front, if not in root login)
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- apache开源项目--PDFBox
- oracle查询指定月份数据
- Android 动画特效
- Cannot run program "svn" (in directory "F:\Android Stadio\xzsj"): CreateProcess error=2, ϵͳÕҲ»µ½ָ¶
- UIScrollView
- 微信开发笔记
- Android中获取应用程序(包)的大小-----PackageManager的使用(二)
- 观察者模式在Android中的应用
- Android 4.0.4系统下实现apk的静默安装和启动
- mysql使用utf8mb4
- Java 数组实现冒泡排序算法
- Linux细节 - 常用Linux下c语言调试方法
- RHEL7 启动配置
- HTML5 localStorage本地存储实际应用举例
- CSS学习之实例
- RTP打包发送H.264
- Android自定义View 完整版
- 【仿】程序员的表白-源码HTML5+JQ
- python数据结构:bitmap,list链表,树,图
- 怎么解决runtime error r6016