Ethereal-dev: Re: [Ethereal-dev] 802.11 captures?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 12 May 2002 15:59:04 -0700
On Sun, May 12, 2002 at 02:17:50PM -0700, Guy Harris wrote:
> However, having noticed that WildPackets have a (Windows) driver for use
> with AiroPeek and AiroPeek NX that lets it capture on Orinoco cards, and
> that Sniffer Wireless (for Windows) claims to work with Orinoco cards, I
> figured there was probably *some* way of getting the Orinoco cards to do
> it - and, sure enough, my friend Mr. Google, when asked about
> 
> 	linux orinoco "raw 802.11"
> 
> managed to turn up a pile of links, including one to a page that, in
> turn, liked to the Orinoco Monitor Mode Patch Page:
> 
> 	http://airsnort.shmoo.com/orinocoinfo.html
> 
> which apparently uses both ARPHRD_IEEE80211_PRISM and ARPHRD_IEEE80211
> (the former requiring a CVS snapshot version of libpcap, the latter
> working with libpcap 0.7.1, and both of them supplying capture
> information that Ethereal should be able to use).

...but it doesn't work with all versions of the Orinoco card firmware:

	o It appears that the patches does not (for the moment) work with
	  Orinoco firmware v8.10

		...

	o The patch was tested with an Orinoco Gold card running
	  firmware 7.52.  I am told Orinoco Silver cards work as well. 
	  Firmware 8.10 from Dec 2001 seems to fail after gathering a few
	  packets for some reason. 
	  o  I have reports of the following firmware versions working:
	     6.04, 6.16, 7.28?, 7.52 
	  o While the following versions do not work: 7.28?, 8.10

> (I should probably talk to Michael Richardson about putting up a bunch of
> stuff on the tcpdump.org site giving information on how to tweak your
> favorite free(-as-in-speech) UNIXes to do wireless sniffing; it's not an
> Ethereal-specific issue, so it really belongs on the tcpdump.org site,
> with programs using libpcap linking to that page from their Web sites.
> 
> But first I have to *find* all that information, as it appears to be
> scattered all over the Web.  I guess not all 802.11 drivers are in the
> "standard" Linux kernel, and even those that are don't necesarily have
> patches in their standard versions to support ARPHRD_IEEE80211 or
> ARPHRD_IEEE80211_PRISM.)

I've updated the FAQ on the Ethereal Web site for this:

	http://www.ethereal.com/faq.html#q4.21