Tcpdump on wireless only shows traffic to and from iMac running tcpdump

Hello,
I'm trying to run tcpdump to see traffic on my wireless network.
So far, I'm only able to see packets that are to, or from, the iMac
that is running tcpdump.
I have NOT been able to get tcpdump to show me traffic between other
devices on my network, such as an iPod Touch and the outside
world. I'd like to be able to see DNS, HTTP, and SMTP traffic
so I can troubleshoot a device on my network that collects production
data from a solar photovoltaic system and is supposed to email reports
to me periodically. Recently the reports stopped arriving.
If I run this tcpdump command as root I see lots of traffic, but all the
packets are either from my iMac or addressed to it.
# tcpdump -i en1
If I run tcpdump with the arguments “host 10.0.1.3” which is
the IP address of the iPod Touch.
I'll see packets that are exchanged between it and the iMac,
but nothing between 10.0.1.3 and the outside world.
Here's what tcpdump looks like if I ping the iPod Touch from the
iMac and also browse the web on the iPod:
# tcpdump -i en1 host 10.0.1.3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
00:29:32.021824 ARP, Request who-has 10.0.1.3 tell 10.0.1.2, length 28
00:29:32.227498 ARP, Reply 10.0.1.3 is-at 90:84:0d:3a:32:9c (oui Unknown), length 28
00:29:32.227525 IP 10.0.1.2 > 10.0.1.3: ICMP echo request, id 33391, seq 0, length 64
00:29:32.229182 IP 10.0.1.3 > 10.0.1.2: ICMP echo reply, id 33391, seq 0, length 64
00:29:33.021892 IP 10.0.1.2 > 10.0.1.3: ICMP echo request, id 33391, seq 1, length 64
00:29:33.146741 IP 10.0.1.3 > 10.0.1.2: ICMP echo reply, id 33391, seq 1, length 64
00:29:34.021939 IP 10.0.1.2 > 10.0.1.3: ICMP echo request, id 33391, seq 2, length 64
00:29:34.068533 IP 10.0.1.3 > 10.0.1.2: ICMP echo reply, id 33391, seq 2, length 64
The ping traffic shows up as ICMP packets, but there's no sign of HTTP traffic.
My impression from what I’ve read on the web is that others have been able to do
packet sniffing of the “in-use” Airport network using tcpdump on Mac OS X and that
tcpdump automatically puts the interface in the required mode (promiscuous?).

I don’t know what I’m missing.
Thanks for any advice.
Model Name: iMac
Model Identifier: iMac10,1
Processor Name: Intel Core 2 Duo
Processor Speed: 3.06 GHz
System Version: Mac OS X 10.6.2 (10C2234)
Kernel Version: Darwin 10.2.0
Software Versions:
Menu Extra: 6.2 (620.24)
configd plug-in: 6.2 (620.15.1)
System Profiler: 6.0 (600.9)
Network Preference: 6.2 (620.24)
AirPort Utility: 5.4.2 (542.23)
IO80211 Family: 3.1 (310.6)
Interfaces:
en1:
Card Type: AirPort Extreme (0x168C, 0x8F)
Firmware Version: Atheros 9280: 2.1.9.5
Locale: FCC
Country Code: US
Supported PHY Modes: 802.11 a/b/g/n
Supported Channels: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 36, 40, 44, 48, 52, 56,
60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165
Wake On Wireless: Supported
Status: Connected
Current Network Information:
PHY Mode: 802.11n
Channel: 2
Network Type: Infrastructure
Security: WPA2 Personal

William Boyd, Jr. wrote:
LGardener wrote:
I'm trying to run tcpdump to see traffic on my wireless network.
So far, I'm only able to see packets that are to, or from, the iMac
that is running tcpdump.
What you want is known as "promiscuous mode". On Mac OS X 10.5.8 that seems to be the default. I'm not running a 10.6 Mac (yet), so I can't check what the tcpdump behavior is on that system. Try "man tcpdump" to see what it tells you about that.
Thank you William.
Here’s my take on what the tcpdump manpage on Mac OS X 10.6.2 has to say related to promiscuous mode:
“Reading packets from a network interface may require that you have special privileges; see the pcap (3PCAP) man page for details.” The pcap(3) manpage says on Mac OS X “You must have read access to /dev/bpf*.” Since I’m running tcpdump as root I assume that is covered.
If you run tcpdump with the arguments “-i any” captures will not be done in promiscuous mode. I’m not using “-i any” so that does not apply.
“-p Don't put the interface into promiscuous mode.” This implies that the default
mode is promiscuous.
The tpcdump and pcap manpages also discuss monitor mode for wireless, but I don’t think that is what I’m after since I only want packets from my “associated network.” I’m not trying to get packets from other networks in the area, that is ones with different SSIDs.
Can anyone who is running 10.6.2 confirm that tcpdump supports promiscuous mode on a wireless LAN. My orginal note outlined a way to test this, in my case using an iMac to run tcpdump and another device, an iPod touch, to generate some (HTTP) network traffic by browsing the web. The question is does tcpdump capture the packets going to and from the second device (iPod Touch) and the external web server. On my network the iPod Touch has address 10.0.1.3 so I could run tcpdump on the iMac and limit the capture to packets that are going to or from the iPod using this command:
sudo tcpdump -i en1 host 10.0.1.3
While this tcpdump command was running I browsed the web on the iPod Touch. What I wanted and expected to see was a bunch of HTTP packets, but none appeared.
Thanks for any input or advice.

Similar Messages

  • My email only shows the "to" and "from" info but not the content of the email. Please help. Thanks

    My email only shows the "to" and "from" info. There is no information at all in the body of my email messages. Please help. Thanks.

    Close the mail app and reboot the iPad.
    Tap the home button once. Then tap the home button twice and the recents tray will appear at the bottom of the screen. Tap and hold down on any app icon until it begins to wiggle. Tap the minus sign in the upper left corner of the mail icon. Tap the home button twice.
    Reboot the iPad by holding down on the sleep and home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider if it appears on the screen - let go of the buttons. Let the iPad start up.

  • Why does Startup Manager only show Recovery HD and not my other drives like Macintosh HD and my USB drive?

    I'm not really sure what happened to my Mac but when I start it, it only shows Recovery HD and nothing else.  I tried re-installing Mountain Lion through my Apple ID but it states that I have not purchased it and will not let me proceed.  I have bought a usb drive that has Mountain Lion, since I cannot purchase it in the apple store, on it to install it from there but I cannot boot into my USB because it only shows "Recovery HD" in Startup Manager.  I would really appreciate some input from you all, thank you for your time in advance. 

    Either your drive is failing or has been corrupted. Please try the following. You cannot do the following unless you have purchased Lion or later. From your post that's not clear. Without knowing your exact model I cannot tell you what to do.
    Reinstall Lion, Mountain Lion, or Mavericks without erasing drive
    Boot to the Recovery HD:
    Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
    Repair
    When the recovery menu appears select Disk Utility. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported then click on the Repair Permissions button. When the process is completed, then quit DU and return to the main menu.
    Reinstall Lion, Mountain Lion, or Mavericks
    OS X Mavericks- Reinstall OS X
    OS X Mountain Lion- Reinstall OS X
    OS X Lion- Reinstall Mac OS X
        Note: You will need an active Internet connection. I suggest using Ethernet
                    if possible because it is three times faster than wireless.
    If your computer is a 2010 or earlier model, then you should be able to do the following:
    Reinstall OS X without erasing the drive
    1. Repair the Hard Drive and Permissions
    Boot from your Snow Leopard Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Utilities menu. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer.
    If DU reports errors it cannot fix, then you will need Disk Warrior and/or Tech Tool Pro to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.
    2. Reinstall Snow Leopard
    If the drive is OK then quit DU and return to the installer.  Proceed with reinstalling OS X.  Note that the Snow Leopard installer will not erase your drive or disturb your files.  After installing a fresh copy of OS X the installer will move your Home folder, third-party applications, support items, and network preferences into the newly installed system.
    Download and install Mac OS X 10.6.8 Update Combo v1.1.

  • Mini DV to Video only shows in black and white

    I bought a mini dv to video from an apple shop so that i could watch films on my tv. I connected it to my tv at home and it worked perfectly, but when i try to connect it to my parents tv it only shows in black and white... both tvs are of roughly the same age...I'm connecting the yellow wire to the scart on the back of the tv to the yellow socket on the adapter
    how come it works on one tv and not the other one?

    When you press the INPUT button on the remote to cycle through the inputs, is "ColorStream HD" listed? Is "Video" listed?
    The Xbox is connected using 5 cables, correct? Red, blue, green, white, and red?
    - Peter

  • Films only showing in black and white

    hi,
    I've just got the Iphone and when I try and watch a film from Itunes through my tv using the AV composite cable it will only show in black and white. The cable is new and when I've tried it with my 5th gen Ipod it works fine. I've checked the connections and everything seems to be hooked up OK. Anyone have any ideas on how to fix this?

    When installing the new cartridges, did you get the message "Original HP cartridges have been installed"?
    Can you check the ink levels and actually see the been color displayed?
    Although I am an HP employee, I am speaking for myself and not for HP.
    *Say thanks by clicking the "Kudos! Star" which is on the left*
    Make it easier for other people to find solutions, by marking my answer with "Accept as Solution" if it solves your issue.

  • Toshiba 40E220U - Only shows in black and white

    I purchased a Toshiba 40E220U a few weeks ago and tried using it with my Xbox and it will only show in black and white.  The Xbox has all the updated cabling (red, blue, green instead of the red, white, yellow combination).  I can't seem to figure out what I am doing wrong and why it won't show in color.  Any one have any suggestions?

    When you press the INPUT button on the remote to cycle through the inputs, is "ColorStream HD" listed? Is "Video" listed?
    The Xbox is connected using 5 cables, correct? Red, blue, green, white, and red?
    - Peter

  • 32L1400U TV only shows in black and white !

    Model 32l1400U is 4 months old and is only used as a TV ( no games , DVD  player are  hooked up )
    it only shows in Black and White
    i looked thur the menu and see no option for black and white !
    TV has been playing in color untill about a week ago
    Thanks  

    When you press the INPUT button on the remote to cycle through the inputs, is "ColorStream HD" listed? Is "Video" listed?
    The Xbox is connected using 5 cables, correct? Red, blue, green, white, and red?
    - Peter

  • Why does my ipod only show an apple and wont start up

    Why does my Ipod only show an apple and wont do anything else>  And holding down the two buttons has done nothing!

    Try:
    - iOS: Not responding or does not turn on
    - If not successful and you can't fully turn the iPod fully off, let the battery fully drain. After charging for an least an hour try the above again.
    - If still not successful that indicates a hardware problem and an appointment at the Genius Bar of an Apple store is in order.

  • I've upgraded my pc and now Im getting an error message when Im trying to sync my ipod saying I have two itunes libraries. The library thats there is only showing some songs and it's not uploading songs Ive just bought.

    I've upgraded my pc and now Im getting an error message when Im trying to sync my ipod saying I have two itunes libraries. The library thats there is only showing some songs and it's not uploading songs Ive just bought.

    You seem to have tried everything, and you say it's syncing fine on your Dad's iMac, so I assume, you have also  done a Disk Diagnostic from an earlier post by tt2 and conclude that your iPod Hardisk is good.
    You don't have to use it as a heavy paperweight, the problem is only using your Windows 7 machine for syncing.
    In your troubleshooting steps, did you try to use another High-Speed USB 2.0 port, USB controller resource are very scarce, so if you use other USB devices, while syncing your iPod, it may just freeze.
    Windows have a bad reputation for device conflict, so better don't connect other  USB devices, while syncing, better sync it while disconnected from Internet, stop antivirus just before you go to bed.
    Have a nice day!

  • I just got my a new iphone 4 from O2. i plugged in my phone to my computer(windows 7). itunes doesnt open automatically. when i opened the itunes,its still not detecting my phone. on the phone it only shows the cable and itunes logo. please help

    I just got my a new iphone 4 from O2. i plugged in my phone to my computer(windows 7). itunes doesnt open automatically. when i opened the itunes,its still not detecting my phone. on the phone it only shows the cable and itunes logo. please help

    Did you try to remove all Apple related software and reinstall iTunes again? Removing iTunes, QuickTime, and other software components for Windows Vista and 7

  • HT1551 my apple tv is only showing apple logo and the white light keeps flashing what do i do

    my apple tv is only showing apple logo and the white light keep on flashing can anyone help

    You have to restore the device using iTunes
    Apple TV (2nd generation): Restoring your Apple TV
    support.apple.com/kb/HT4367
    You need a micro-usb cable and the ATV must be in DFU mode (Hold down the menu and play button for 7secs)
    Apple TV (1st generation): How to perform a factory restore
    support.apple.com/kb/HT3199 

  • "How do i add more than 2 downloads in Downloads window?" "Downloads window" only show 2 download and don't show third one and else

    How do i download more than 2 downloads in "Downloads window"?
    "Downloads window" only show 2 download and don't show third one and more, They be wait until one of first or second complete.
    == This happened ==
    Every time Firefox opened
    == Downloads

    You have some extensions that related to downloading listed in the Troubleshooting information.
    It is probably one of them that is causing that problem.
    What kind of files are you trying to download?
    Are all the files downloaded from the same server?
    See [[Troubleshooting extensions and themes]]
    DownloadHelper
    DownThemAll!
    IDM CC

  • HT4061 I tried to update my itunes and phone and it said "error" and now my phone only shows the charger and and itunes icon

    I was trying to update my iphone 4s and it came up an error.  Now my phone only shows a charger and the itunes app.

    You might need to do a few times
    http://support.apple.com/kb/HT1808

  • With last update to aperture  photos only show in photos and not in folders. Any idea?

    With latest update my photos are only showing in photos and not individual projects. Though when I mouse over project it gives me number of photos? Any ideas?

    Do you have a filter enabled? Anything other than Showing All in the search field?

  • HT1491 My iTunes only show: iTunes U and category , no music and books and other stuffs.

    My iTunes only show: iTunes U and category , no music and books and other stuffs. Is it because of my Chinese ID?

    You can only purchase content from the store where your credit card is registered - and that credit card must be registered to a valid address in that country. I am afraid that you are restricted in what you can legally purchase from Apple.
    Sometimes the restiction of content has to do with licensing rights and sometimes governments will restrict the content that Apple is allowed to sell in their countries.

Maybe you are looking for

  • Disk utility not responding

    Hello. I've got a MacBook Pro which my daughter turned off and on badly resulting in a grey screen.  Followed instructions for that issue and have got to installing the disc utility DVD which came with the mac.  Clicked on the hard drive and then 'fi

  • Can two programs share a task?

    I have a program that continously writes to a PCI-6711 card for analog output.  Well, i periodically poll the card to know when there is enough buffer space to write more data.  Unfortunately, this seems to take more cpu than i would like, therefore,

  • The serial number I was given is "invalid" when I try to install my Lightroom download.

    I bought and downloaded Lightroom, but when I try to install it and activate it, I type in the serial number I was given but it says it's "invalid". Help!

  • Initializing an array of generics

    Hello all, I have declared an array of Vector with generics. The declaration is OK but the initialization gives me an error. This is the declaration Vector<Integer>[] x;This must be an array. Each element of the array is of type Vector<Integer>. I tr

  • Projects in a plant

    Hi, in one manufacturing plant, we work for different projects. each project we procure seperately by seperate mrp controllers. we want to run mrp individual for each project. pls suggest what method of planning is best in this scenario?