On Wed, Feb 05, 2003 at 03:58:14PM -0500, Dave Piscitello wrote:
> Does anyone know of any effort to support 802.11 packet analysis in windows
> versions of ethereal?
There's already 802.11 packet analysis code in Ethereal on Windows, in
the sense that if you have a capture file with 802.11 packets in it, you
can read that capture file in the Windows version of Ethereal and it
will dissect the 802.11 headers.
What's missing is code in WinPcap to support *capture* of raw 802.11
traffic in Windows, and the reason for that is that
there is no standard way, using NDIS, to request that an 802.11
card and driver return 802.11 frames - or that it go into
"monitor mode" and supply frames that it otherwise wouldn't
supply;
therefore, the only way to do that appears to be to write your
own drivers for 802.11 cards;
neither the WinPcap developers nor any Ethereal developers so
far have, I suspect, any interest whatsoever in developing those
drivers *AND*, as would probably be necessary, supporting them
(e.g., as new versions of card firmware are released) *AND*
adding support for new cards as they arrive (e.g., 802.11a and
802.11g cards).
> Anyone know of a windows wlan analyzers that do this other than
> airopeek?
Sniffer Wireless also supports it
http://www.sniffer.com/products/wireless.asp?A=3
and *both* of them supply their own drivers for 802.11 cards.
The mechanism for requesting raw 802.11 frames, and monitor mode, in
those drivers is not documented, so WinPcap can't use them in that
fashion unless, by pure luck, asking those drivers, through NDIS, to go
into promiscuous mode turns on monitor mode and raw 802.11 packets. (I
have no idea whether that is the case. I have no Windows machines with
802.11 interfaces on which to test it.)
If that is the case, it *might* be possible to modify WinPcap to use
that; you'd have to ask the WinPcap developers to do so, and they might
or might not be interested in doing so.