Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Joe Tomasone <joe@xxxxxxxx>
Date: Fri, 07 Jun 2002 14:11:43 -0400
Is the AP using WEP? WEP frames will show as LLC frames due to the fact that the AP manufacturers all violate the spec and do not tag WEP encrypted frames with the proper privacy bit.


        - Joe



At 10:08 AM 6/7/2002, you wrote:
Howdy all...

I have installed FreeBSD 4.5 on an old Compaq Armada for use as a
wireless sniffer.  I've been able to get my Cisco Aironet LMC352 into
monitor mode, ethereal 0.9.4 seems to talk to it, and I've also been
able to "stumble" with Kismet.

The problem:  Ethereal doesn't decode the data packets properly.  All
packets that are not beacons or probes show up as "LLC" protocol
packets.  I've sniffed a web session from my other laptop and I saw the
URL and HTML in these "LLC" packets, so I know that my sniffer is
seeing 3rd party traffic, but I'd like to be able to see the high-level
protocol (IP, TCP) info, not just raw strings.

(for the record)
# ethereal -v
ethereal 0.9.4, with GTK+ 1.2.10, with GLib 1.2.10, with libpcap 0.7,
with libz 1.1.3, with UCD SNMP 4.2.5

Card type: Cisco LMC352
Hardware revision: 00:22
Firmware: 04:23

If anyone else out there in TV land has had similar experiences, I'd
like to trade info.


_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users