Ethereal-users: Re: [Ethereal-users] need help with Ethereal and Windows XP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 16 Oct 2002 11:57:19 -0700

On Wed, Oct 16, 2002 at 02:05:22PM -0400, Joe Granto wrote:
> I followed the directions for installing Ethereal on Windows XP (SP1).  I 
> installed Ethereal 0.9.7, and WinPcap version 2.3 (the alpha 3.0 did not 
> work).

Please let the WinPcap developers know what it did instead of working,
as they may be able to fix it; if, for example, the problem isn't
specific to your machine, it would really suck if WinPcap 3.0 was
released and didn't work on WXP.

> On my wired connection, Ethereal snags packets just fine.  However, it 
> does not snag anything on my wireless adapter.  I have an Orinoco-based 
> Cabletron Roamabout card, and use a LinkSys WAP11.  The wireless network 
> works just fine, but I cannot snag any packets.  When I start a sniff, no 
> packets get snagged.
> 
> Now, I do have my WLAN configured with MAC filters, and turned off
> SSID broadcasts.  I do not use WEP for these tests.  The MAC of the
> wireless card I am using is not allowed by the WAP11;  I want to use
> Ethereal to see what kind of information I can snag from my own network
> using the security described above.

I don't know whether any wireless drivers on Windows support promiscuous
mode, other than perhaps the drivers that are supplied with commercial
wireless sniffer programs such as Sniffer Wireless and Airopeek, and
even those might not support it with the standard NDIS operations that
WinPcap uses, in which case they won't help with Ethereal (but if you've
installed them you've probably installed a commercial wireless sniffer
program, in which case you don't need Ethereal to do your sniffing).

I also don't know whether any of them support "monitor mode", other than
*possibly* the drivers supplied with the commercial sniffers, and there
*is* no standard way of requesting *that*, so WinPcap and thus Ethereal
can't use that.

Furthermore, note that Wildpackets doesn't support certain Orinoco
firmware versions with their driver:

	http://www.wildpackets.com/support/hardware/ap_lucent_driver

Version 8.0 also isn't supported for monitor mode by patches for the
Linux driver; this may mean that version 8.0 doesn't support monitor
mode *at all*, or, if it does, that Lucent^H^H^H^H^H^HAgere aren't
telling anybody, including the Wildpackets people, how to enable it.

In addition, I don't remember the Orinoco cards being listed in any
documentation for Sniffer Wireless, so they may not have a driver for
it, either.

I.e., it may not be possible to capture any traffic other than traffic
to and from your machine.