Packet lost while monitoring a Wifi connection
Hi,
I have a VNC connection between one of our devices (1) and my computer (2). From time to times the VNC display would freeze for a few second. I suspect some lost of packets on the Wifi (signal strength is not very high).
So I setup another computer (3) to spy on the exchange. On that computer (3) with Wireshark and promiscuous mode (I filter the capture with the tcp port). My problem is that I received only 2 frames in about 10 minutes (While I see dozens per second on the computer(2)). Can someone explain that big a difference ?
On the spying computer (3), if I remove the filter and restart the capture in monitoring mode, I can see a lot of exchanges (protocol 802.11) between my computer (2) and the device (1). How come, I can see the exchange on 802.11 but not TCP/IP ?
edit:
- The Wifi is opened, i.e. there's no encryption.
- Both computers (2) and (3) can ping device (1) -- (although after I start a capture in monitor mode ping stops)
- Both computers (2) and (3) use channel 1
$ iwlist wlan0 channel | grep "Current"
Current Frequency:2.412 GHz (Channel 1) - I did a capture in monitor mode without filter. It's a tiny bit better. I can monitor the traffic for about 1s. And then nothing, even though the VNC connection between the device (1) and the computer (2) is still active. And when I stop and restart the VNC connection on computer (2) I receive another batch of frames (~100) in the first second and then nothing. This does not make sense to me.
- When I stop the capture in monitor mode, I get an error "Unknown message from dumpcap, try to show it as a string: Can't restore interface wlan0 wireless mode (SIOCSIWMODE failed: Operation not permitted). Please adjust manually."