I‘m trying to monitor traffics under wifi, And I use both a mac and a lubuntu installed Wireshark, and after I enable monitor mode start listening, the amount of lubuntu packs is far less than Mac (10x less)
- Does this happen since the CPU or net card things(other hardware things?) or just because of different Wireshark?
- Is there any other way to identify this cause? (maybe with some other tool or commands)
added:
maybe related to the channel of wifi, but I config wifi to channel 7 and set the lubuntu monitor channel with
iwconfig wlanxx channel 7
but still, I can't get sniffer traffic under lubuntu but full of them under mac
seems lubuntu only could get the broadcast pack (like arp) and 802.11 Protocol Pack
I'm guessing this due to the bad configuration or implementation of wireless net card
There is probably just more activity on the Mac. I don't know your precise configuration, but if you have a browser open on the Mac and nothing on the lubuntu, then there will be a difference in the amount of network traffic.
There is not really a reason for network traffic to change significantly because of hardware. Configuration can play a role though. If ipv4 and ipv6 are enabled, address resolution packets will be double as if only one is. If Arp cache is set to expire fast, there will also be more Arp traffic.
To identify the cause, look at what wireshark is telling you. What packets are there on both machines ? what packets are unique to the Mac ? Have a look at protocols, destination IPs and port numbers, they are the main clue to tell you what is happening.