Revision history [back]

Hi all,

I have two devices set in monitor mode connected to my laptop and I am running Wireshark simultaneously on both interfaces. On one I can only see probe requests every now and again, and null data packets <10pps. On the other one I am getting tons more packets at a much higher rate e.g. beacon frames, probe requests, responses, data, CTS/RTS, etc. Can anyone explain why I would be seeing so little on one and so much more on the other even though the two devices are inches apart?

iw dev
phy#2
    Interface wlx00e04c1f8b5f
        ifindex 8
        wdev 0x200000001
        addr 00:e0:4c:1f:8b:5f
        type monitor
        txpower 12.00 dBm
phy#0
    Interface mon0
        ifindex 10
        wdev 0x2
        addr 24:77:03:7e:0b:60
        type monitor
        txpower 15.00 dBm
    Interface wlp3s0
        ifindex 4
        wdev 0x1
        addr 24:77:03:7e:0b:60
        ssid TALKTALK6F4763
        type managed
        channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
        txpower 15.00 dBm

phy#0 is the Intel chip built into my Thinkpad: 03:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 3e)

phy#2 is the Realtek chip in an external USB device: Bus 002 Device 003: ID 0bda:c811 Realtek Semiconductor Corp.

USB WiFi 802.11ac Device on Amazon

I can't attach the captures since I don't have enough points, if anyone could shed some light on this it would be greatly appreciated. I am inclined to think that the Realtek USB device just isn't as capable/fast as the Intel one, but I wouldn't have expected such a discrepancy. It could also be a driver issue, I have used this driver on Github and enabled monitor mode in the Makefile.

Cheers, Jake

Hi all,

I have two devices set in monitor mode connected to my laptop and I am running Wireshark simultaneously on both interfaces. On one I can only see probe requests every now and again, and null data packets <10pps. On the other one I am getting tons more packets at a much higher rate e.g. beacon frames, probe requests, responses, data, CTS/RTS, etc. Can anyone explain why I would be seeing so little on one and so much more on the other even though the two devices are inches apart?

iw dev
phy#2
    Interface wlx00e04c1f8b5f
        ifindex 8
        wdev 0x200000001
        addr 00:e0:4c:1f:8b:5f
        type monitor
        txpower 12.00 dBm
phy#0
    Interface mon0
        ifindex 10
        wdev 0x2
        addr 24:77:03:7e:0b:60
        type monitor
        txpower 15.00 dBm
    Interface wlp3s0
        ifindex 4
        wdev 0x1
        addr 24:77:03:7e:0b:60
        ssid TALKTALK6F4763
        type managed
        channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
        txpower 15.00 dBm

phy#0 is the Intel chip built into my Thinkpad: 03:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 3e)

phy#2 is the Realtek chip in an external USB device: Bus 002 Device 003: ID 0bda:c811 Realtek Semiconductor Corp.

USB WiFi 802.11ac Device on Amazon

I can't attach the captures since I don't have enough points, if anyone could shed some light on this it would be greatly appreciated. I am inclined to think that the Realtek USB device just isn't as capable/fast as the Intel one, but I wouldn't have expected such a discrepancy. It could also be a driver issue, I have used this driver on Github and enabled monitor mode in the Makefile.

Cheers, Jake