sniffing trouble (wusb54gc)

Live forum:


10-01-2009 08:43:07

I am getting strange results when sniffing wireless packets on my laptop. I can see all of the traffic going from the access point to the clients on the network, but none of the traffic going from the clients to the access point.

some history (using ubuntu 8.10, and testing with a backtrack3 cd from time to time)

My macbook comes with an atheros chip in it. For the past month or so I tried everything I could think of, including some frankensteinish patches to the madwifi drivers trying to get my card working the way I want it, but never had any luck.

I finally broke down, and grabbed a linksys wusb54gc, since I have seen may good reviews online about how well the rt73 drivers work for wireless security purposes. To my surprise, the sniffing behaved the same exact way as the atheros card. I was able to see data sent from the AP to the clients, but nothing from the clients to the AP (except local traffic, like windows netbios traffic etc).

For example, I connect to an open wireless access point with my laptop, and start sniffing. I connect my iphone to the same wireless network, and visit a webpage. From my laptop, I can see the syn/ack sent from the server, and the html code containing the data from the webpage, but I never see the original syn packet that starts the tcp socket, nor do I see the HTTP GET request that requests the page.

All previous cards I have owned (orinoco, ipw2200, etc) have worked the way I expect, where I can see data from other users on the network. Also the other day a friend of mine booted up backtrack3 and was able to sniff normally with his internal broadcom card.

So the question is then, what gives? Has anyone seen anything like this before? Is this how things are supposed to work, and everything else is breaking spec by showing all packets? Is my hardware cursed? Is there some magical flag somewhere that I have overlooked? I really thought that purchasing the new hardware was my final fallback option, and it is more than a little frustrating that I am getting the exact same results as with my old hardware.

I am using the default drivers as shipped with the 2.6.27-11 ubuntu kernel from ubuntu 8.10. (rt73usb etc)