Wireless adapter in promiscuous mode:
- connected to the Access Point (AP)
- SSID filtering is switched on => it can receive packets only from AP it is associated with (it receives radio packets from all APs but forwards to the upper layers only those from that particular AP)
- MAC filtering is switched off => it can receive packets destined for any MAC address
- it can't decrypt packets to/from other nodes in secured (WEP, WPA...) networks
- it translates Wi-Fi data frames into wired Ethernet-style frames (IEEE 802.3) so they look like Ethernet frames captured on the LAN interface working in promiscuous mode
Wireless adapter in monitor mode:
- usually NOT connected to the Access Point (depends on the adapter and its driver) => it does not transmit any packets
- SSID filtering is switched off => it can receive packets from any AP within its range
- MAC filtering is switched off => it can receive packets destined for any MAC address
- it can decrypt packets to/from other nodes in secured networks
It is worth adding the following:
- monitor mode does not make sense (and so does not exist) for LAN cards
- all LAN cards support promiscuous mode
- not all Wi-Fi cards support promiscuous and monitor mode
Further reading:Promiscuous mode (Wikipedia)
Monitor mode (Wikipedia)
Wireshark - WLAN (IEEE 802.11) capture setup
No comments:
Post a Comment