Ethereal-users: RE: [Ethereal-users] 802.11 support in Windows

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Bates, Curtis" <Curtis.Bates@xxxxxxxxxxxxx>
Date: Thu, 6 Feb 2003 07:50:25 -0600
Title: RE: [Ethereal-users] 802.11 support in Windows

Surveyor Wireless from Finisar.  See: http://www.finisar.com/product/product.php?product_id=77

You might also look at netstumbler, at http://www.netstumbler.com.  It can help troubleshoot problems.


-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Wednesday, February 05, 2003 7:10 PM
To: Dave Piscitello
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] 802.11 support in Windows


On Wed, Feb 05, 2003 at 03:58:14PM -0500, Dave Piscitello wrote:
> Does anyone know of any effort to support 802.11 packet analysis in windows
> versions of ethereal?

There's already 802.11 packet analysis code in Ethereal on Windows, in
the sense that if you have a capture file with 802.11 packets in it, you
can read that capture file in the Windows version of Ethereal and it
will dissect the 802.11 headers.

What's missing is code in WinPcap to support *capture* of raw 802.11
traffic in Windows, and the reason for that is that

        there is no standard way, using NDIS, to request that an 802.11
        card and driver return 802.11 frames - or that it go into
        "monitor mode" and supply frames that it otherwise wouldn't
        supply;

        therefore, the only way to do that appears to be to write your
        own drivers for 802.11 cards;

        neither the WinPcap developers nor any Ethereal developers so
        far have, I suspect, any interest whatsoever in developing those
        drivers *AND*, as would probably be necessary, supporting them
        (e.g., as new versions of card firmware are released) *AND*
        adding support for new cards as they arrive (e.g., 802.11a and
        802.11g cards).

> Anyone know of a windows wlan analyzers that do this other than
> airopeek?

Sniffer Wireless also supports it

        http://www.sniffer.com/products/wireless.asp?A=3

and *both* of them supply their own drivers for 802.11 cards.

The mechanism for requesting raw 802.11 frames, and monitor mode, in
those drivers is not documented, so WinPcap can't use them in that
fashion unless, by pure luck, asking those drivers, through NDIS, to go
into promiscuous mode turns on monitor mode and raw 802.11 packets.  (I
have no idea whether that is the case.  I have no Windows machines with
802.11 interfaces on which to test it.)

If that is the case, it *might* be possible to modify WinPcap to use
that; you'd have to ask the WinPcap developers to do so, and they might
or might not be interested in doing so.
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users



***********************************************************************************
WARNING: All e-mail sent to and from this address will be received or
otherwise recorded by the A.G. Edwards corporate e-mail system and is
subject to archival, monitoring or review by, and/or disclosure to,
someone other than the recipient.
************************************************************************************