0

When sniffing with tcpdump on my home network with a Debian box I get broadcast packets like this one within minutes from WiFi devices:

11:03:06.976812 34:8a:7b:d9:6c:64 > ff:ff:ff:ff:ff:ff Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 8

Can anyone tell me for what this is needed? What Supervisor is missing? What Receiver is not ready? What program is sending it: the DHCP-client, wpa_supplicant, or any router in between, or what? Is this an error or warning that should be fixed?

Update to answer questions from a comment:
The full tcpdump command is:

~$ sudo tcpdump -vvv -n -i ens1 not \( arp or ip or ip6 \)

There is no 802.11 monitor mode for a wifi interface used. I have a fritz.box internet router with an access point. This router also has four RJ45 wired LAN ports bridged to its access point. The shown packets are broadcasted to the link local home network so I see them everywhere on my wired LAN.

Even with the very very verbose option -vvv there is no more information given as shown above.

Looking at the mac address I have verified that the devices sending the packets are only connected by WiFi, mainly smartphones and tablets from Apple or with Android.

Improve this question
3
  • 1
    What was the full tcpdump command you were using? Was the interface in 802.11 monitor mode? Can you show us the full verbose decode of the packet, or post a .pcap somewhere? Unfamiliar packets are usually not a problem that needs to be fixed, but it's worth figuring out exactly what they are and why they're being sent.
    – Spiff
    Commented Jun 3, 2021 at 21:41
  • @Spiff Thanks for looking at this. Quote: "it's worth figuring out exactly what they are and why they're being sent" - that's exactly why I try to understand these messages, even if it's just for optimization. I have updated the question.
    – Ingo
    Commented Jun 6, 2021 at 8:49
  • I can see the same packets (Null Supervisory, Receiver not Ready...) coming on some of my customers wifi netowrks. I think they are unauthenticated clients. But the AP allows this traffic to flow from the foreign WiFi device into the wired LAN. It happened both with Unifi access points and with tp-link "home" access points.
    – giox069
    Commented Jul 5, 2021 at 10:45

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .