> I am running the libpcap on a linux box that Tim Newsham modified to capture
> packets from the PRISM II wireless card. When I try to read those captures
> on my Win2K 1.8.20 I get that it is an unrecognized network type of 114.
> Does anyone have a work around?
Your choices are:
1) stop using Tim's modified libpcap, which adds its own
link-layer type code of 114, and use the standard prismdump
utility, which writes out captures with 105, which is the
official libpcap type for 802.11.
You don't get all the extra radio-signal stuff Tim's code sticks
on the front of the packets, but so it goes.
2) apply Tim's patch to the Ethereal source, and rebuild.
You run the risk here that if anybody ever contributes
support for Acorn Econet in libpcap, tcpdump, and Ethereal,
those patches won't work, as a link-layer type code of 114 is
reserved for Econet (one of the NetBSD developers wanted it,
so the tcpdump.org guys gave it to him - the tcpdump.org guy
who is typing the reply you're reading, in particular :-)).
3) wait for me to get around to adding Tim's changes to the
standard libpcap, which will involve assigning a *new*
link-layer type for DLT_PRISM (no, he's not getting 114, so
it goes), and merging his Ethereal changes in with the new
link-layer type, and wait for an Ethereal release to come out
with those changes).
4) write a program to read capture file in Tim's modified format
and write it out in standard 802.11 format (link-layer number
of 105, and none of the extra radio stuff at the beginning),
and process capture files through that.
If you don't have a C compiler for Windows, 2) is not an option unless
you plan to run Ethereal on the Linux box as well.