802.11g Not Much Happening on Wireshark Capture

[Cowbell]

As I anxiously await the 2018.10.4 firmware update from the mothership, I thought I would try (first time) a little snooping of the 802.11g wireless traffic between my Model S and home AP/router (Motorola SBG6850).

However, after monitoring for several hours, I noticed only a small amount of regular and repetitious traffic between the car and the AP - basically LAN protocol queries and responses (ARP and SSDP) between the router and the vehicle, with absolutely no traffic between my vehicle and the internet. I've tried a number of things, including rebooting the MCU, AP/router, streaming audio etc; I am able to see the car switch from LTE to 802.11 and lock there via the indicator icon on the top right of the MCU screen. However, based on my Wireshark captures, there is no traffic except ARP and SSDP. Consequently, I am thinking the preferred (and apparently exclusive) route for traffic between the mothership and my car is via cellular LTE/3G connectivity. Hence, my question for those with network/Model S experience, is this typical ?

If so when/how is the 802.11 mode used ?

 

[boaterva]

If your car is on wifi, it’s using wifi. And it’s on a VPN to the mothership. Thus you won’t able to see much by definition sniffing things once the tunnel is established when the MCU boots up.

Does that clarify things?

 

[Cowbell]

If your car is on wifi, it’s using wifi. And it’s on a VPN to the mothership. Thus you won’t able to see much by definition sniffing things once the tunnel is established when the MCU boots up.

Does that clarify things?

Lee-

I'm not even seeing the car attempt to establish the tunnels. There is absolutely nothing going on but routine LAN housekeeping protocol traffic. I would think that the MCU would be very chatty to destinations through the AP to the internet, but that is not happening.

 

[boaterva]

Lee-

I'm not even seeing the car attempt to establish the tunnels. There is absolutely nothing going on but routine LAN housekeeping protocol traffic. I would think that the MCU would be very chatty to destinations through the AP to the internet, but that is not happening.

Lol, gotcha. That makes no sense, then. I’d watch the AP as you restart the MCU because it definitely attaches to the AP and then sets up a VPN to the mothership. Erik and David have showed the steps before they made a guest network when their media player was interfering.

Something has to be going wrong here. When I reboot mine I see the car transition from no connectivity to LTE to wifi to connected (VPN).

Let me know how it goes!

 

[Jlindo]

Do you see network activity when you access maps, route to a destination, play some music or access the browser from the car?

 

[Cowbell]

Do you see network activity when you access maps, route to a destination, play some music or access the browser from the car?

No I’m not. However, I think the issue is my wireshark configuration. I’m going to work on that and verify captures with another device.

 

[boaterva]

No I’m not. However, I think the issue is my wireshark configuration. I’m going to work on that and verify captures with another device.

Hm, good idea. May not be doing what you think over the right interface. The music test is a good one as it has to go fetch it!

 

[BigD0g]

It’s your configuration, there’s lots of traffic

 

[NickFie]

No I’m not. However, I think the issue is my wireshark configuration. I’m going to work on that and verify captures with another device.

A bit tricky to capture network traffic. Two options:

A. Find an Ethernet bridge, not switch. The bridge delivers all packets to all ports. A Switch only delivers packets to the Port where they should go. Insert the bridge between wireless Access Point and Internet router. Bridges are hard to find these days. I've got an old 100 Mbps bridge for these situations.

B. Configure your PC to intercepts the traffic. You'll need two Ethernet ports. If there's one built in, get a USB Ethernet adapter. In Network adapter properties for the Ethernet port connect to home Internet router, enable Connection Sharing. Then insert the PC between wireless Access Point and home Internet router.

Hope this helps.

 

[davidc18]

network tap: Network Tap & More | Dualcomm

or : https://www.amazon.com/gp/product/B01N370ZQV

 

[Mediocrates]

A. Find an Ethernet bridge, not switch. The bridge delivers all packets to all ports. A Switch only delivers packets to the Port where they should go. Insert the bridge between wireless Access Point and Internet router. Bridges are hard to find these days. I've got an old 100 Mbps bridge for these situations.

You mean an ethernet hub, not a bridge. Hubs broadcast all packets to all ports. Ethernet hubs are readily available for around $20.

 

[ucmndd]

As others have implied, you won't see traffic to/from an arbitrary device on your wireless network by simply capturing packets with Wireshark from another device. Doesn't work that way. You're seeing ARP and SSDP packets because those are sent to the broadcast address for your subnet and explicitly meant to be seen by every device on the network (that's how those protocols work).

 

[Mediocrates]

Ethernet hubs are readily available for around $20.

Correction, these may not be as common or quite this low in price.

 

[Cowbell]

As others have implied, you won't see traffic to/from an arbitrary device on your wireless network by simply capturing packets with Wireshark from another device. Doesn't work that way. You're seeing ARP and SSDP packets because those are sent to the broadcast address for your subnet and explicitly meant to be seen by every device on the network (that's how those protocols work).

Yes you are correct. I was attempting to sniff packets over the air but was only seeing broadcast traffic. I’m not sure wireshark can sniff over the air unless airpcap is used with a usb based radio attached to the client. In this situation, my laptop has only an embedded 802.11 radio and it does not seem to be working.

 

[omega]

if you want to sniff all the Tesla traffic you need to capture it at the right device, and that would be at the gateway, in my case a Cisco ASA.