Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 12 Jun 2002 23:21:44 -0700
On Wed, Jun 12, 2002 at 09:55:12AM -0700, Doug Ambrisko wrote:
> I got my laptop back and this is the "hack" I did:
> 
> Index: packet-ieee80211.c
> ===================================================================
> RCS file: /cvsroot/ethereal/packet-ieee80211.c,v
> retrieving revision 1.53
> diff -c -r1.53 packet-ieee80211.c
> *** packet-ieee80211.c	2002/04/08 09:09:47	1.53
> --- packet-ieee80211.c	2002/06/12 16:51:00
> ***************
> *** 1521,1527 ****
>   	  if (cap_len > 0 && pkt_len > 0)
>   	    call_dissector(data_handle,tvb_new_subset(tvb, hdr_len + 4, -1,tvb_reported_length_remaining(tvb,hdr_len + 4)),pinfo, tree);
>   	}
> - 	return;
>       }
>   
>     /*
> --- 1521,1526 ----
> 
> I did it a long time ago.  Basically I just let it fall into the part
> that does:
> 	Now dissect the body of a non-WEP-encrypted frame.
> and life is good if I set the WEP key on the card.  Of course this
> is for WEP enscrypted packets.

Great.  So the driver can't just clear the WEP bit, as the WEP
information is in the decrypted frames it delivers.

Perhaps we'd need to have a preference setting in the 802.11 dissector
to control whether to assume WEP frames are decrypted or encrypted?

Solomon, what happens with the Prism II reference design cards in
monitor mode if they receive a WEP frame and the WEP key is set on the
card?  Do they supply the frame with everything including the WEP header
as is, but with the payload decrypted?