Hard to be Promiscuous

In a previous blog entry, I discussed strategies for snooping out wi-fi hogs. Unfortunately, when I went out to cast my net, the only fish pulled in was myself. It turns out the approach I described doesn't work on my laptop, an Inspiron 600m with Intel 2200BG wireless network controller (ipw2200 driver).

In a shared network technology such as wireless Ethernet, the network controller typically picks out just the packets addressed to it, ignoring everybody else's traffic. Some controllers can be placed into promiscuous mode. In this mode the controller accepts all packets, so a program can monitor all the traffic on the network.

The ipw2200 driver doesn't provide a simple promiscuous mode, so the solutions I described don't work.

I've found two workarounds.

First, I can switch the wireless Ethernet controller from "Managed" to "Monitor" mode with a command such as:

iwconfig eth1 mode Monitor

Then, I can launch a program such as Wireshark to monitor the traffic.

The drawback to this approach is that I can't use the wireless Ethernet for normal communications.

The second workaround is to use the "rtap" capability of the ipw2200 driver. When enabled, this creates an entirely new Ethernet device that can be used for monitoring. Here is how I did this:

echo 1 > /sys/bus/pci/drivers/ipw2200/*/rtap_iface
ifconfig rtap0 up

Then, I could run Wireshark on the rtap0 device.

In the previous article I decided to use the iftop utility to monitor traffic, because it looked like it would provide the simple summary statistics I need. That program, unfortunately, won't work with the rtap interface. Thus, I need to use the more capable but complicated Wireshark program. I'm sure there is a summary report that will provide the info I need to snoop out wireless hogs. I haven't found it yet, but I'll keep looking.