IPTables and monitor mode

Discussion in 'Wireless Internet' started by bjohnsme, Jul 27, 2004.

  1. bjohnsme

    bjohnsme Guest

    Is it possible to forward sniffed packets elsewhere on the lan. e.g.
    - if you have an 802.11 card in monitor mode, will IPTABLES forward
    beacon frames elsewhere on the lan? by the same token, if the sniffed
    packet is a UDP broadcast packet, can that then be broadcast to any
    connected machines?

    I guess I'm really just curious how IPTables handles "sniffed" packets
    in general.
    bjohnsme, Jul 27, 2004
  2. Specify the rule by interface, not IP. Use the copy option if needed.

    $ info iptables


    William Warren, Jul 28, 2004
  3. It would be helpful if you disclosed what you were trying to
    accomplish. I'll make a guess that you're trying to setup a remote
    sniffer station that can sniff wireless traffic over a wired network.

    No big deal. Setup a network service using inetd on an unused IP
    socket. Redirect the sniffed wireless data stream from your wireless
    card to a named pipe that terminates in the service you've setup.
    When you wanna be buried in sniffed packets, simply telnet to the IP
    socket and it should spew data all over your screen. If you need
    formatting or filtering, use sed, awk, perl, or such through a pipe.
    I've done this for collecting data from phone loggers, test equipment,
    goofy network devices, and one mountain top wireless sniffer (a bad
    idea due to almost continuous collisions.)

    One catch is that in its simplest form, the service can handle only
    one telnet connection at a time. If you need more than one
    connection, you'll need to scribble a more complex service based on

    As for IPTables, methinks you will need to setup a rule set for the
    new service by interface and IP socket number. You can make that do
    whatever you want and not affect operation on other interfaces.
    Jeff Liebermann, Jul 28, 2004
