[Dave Piscitello <dave@xxxxxxxxxxx>]

Thanks for both pointers. I'm familiar with the commercial tools you 
mentioned, Bates, and have managed to get an extended look at airopeek, 
airmagnet and waverunner for a chapter for a book we have begun. Even 
without 802.11 support, ethereal satisfies the 90%+ rule for what it is 
purposed to do. Most folks can live with an analyzer that parses all but 
the 802.11 management/beacon frames, and there are enough complementary 
free and shareware products, even for windows OSs, to make the multi-$1000 
purchases unnecessary for small to medium organizations.

And there's always the "jeez, just buy a $400 laptop off ebay, select your 
WLAN PC card wisely, and run linux..." answer that, surprisingly, no one 
offered on the list :-)

Appreciate your time and thoughts,

regards,

Dave


At 07:50 AM 2/6/2003 -0600, Bates Curtis wrote:

> Surveyor Wireless from Finisar.  See: 
> <http://www.finisar.com/product/product.php?product_id=77>http://www.finisar.com/product/product.php?product_id=77 
>
>
> You might also look at netstumbler, at 
> <http://www.netstumbler.com>http://www.netstumbler.com.  It can help 
> troubleshoot problems.
>
> -----Original Message-----
> From: Guy Harris [<mailto:guy@xxxxxxxxxx>mailto:guy@xxxxxxxxxx]
> Sent: Wednesday, February 05, 2003 7:10 PM
> To: Dave Piscitello
> Cc: ethereal-users@xxxxxxxxxxxx
> Subject: Re: [Ethereal-users] 802.11 support in Windows
>
> On Wed, Feb 05, 2003 at 03:58:14PM -0500, Dave Piscitello wrote:
> > Does anyone know of any effort to support 802.11 packet analysis in 
> windows
> > versions of ethereal?
>
> There's already 802.11 packet analysis code in Ethereal on Windows, in
> the sense that if you have a capture file with 802.11 packets in it, you
> can read that capture file in the Windows version of Ethereal and it
> will dissect the 802.11 headers.
>
> What's missing is code in WinPcap to support *capture* of raw 802.11
> traffic in Windows, and the reason for that is that
>
>         there is no standard way, using NDIS, to request that an 802.11
>         card and driver return 802.11 frames - or that it go into
>         "monitor mode" and supply frames that it otherwise wouldn't
>         supply;
>
>         therefore, the only way to do that appears to be to write your
>         own drivers for 802.11 cards;
>
>         neither the WinPcap developers nor any Ethereal developers so
>         far have, I suspect, any interest whatsoever in developing those
>         drivers *AND*, as would probably be necessary, supporting them
>         (e.g., as new versions of card firmware are released) *AND*
>         adding support for new cards as they arrive (e.g., 802.11a and
>         802.11g cards).
>
> > Anyone know of a windows wlan analyzers that do this other than
> > airopeek?
>
> Sniffer Wireless also supports it
>
>
> <http://www.sniffer.com/products/wireless.asp?A=3>http://www.sniffer.com/products/wireless.asp?A=3 
>
>
> and *both* of them supply their own drivers for 802.11 cards.
>
> The mechanism for requesting raw 802.11 frames, and monitor mode, in
> those drivers is not documented, so WinPcap can't use them in that
> fashion unless, by pure luck, asking those drivers, through NDIS, to go
> into promiscuous mode turns on monitor mode and raw 802.11 packets.  (I
> have no idea whether that is the case.  I have no Windows machines with
> 802.11 interfaces on which to test it.)
>
> If that is the case, it *might* be possible to modify WinPcap to use
> that; you'd have to ask the WinPcap developers to do so, and they might
> or might not be interested in doing so.
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> <http://www.ethereal.com/mailman/listinfo/ethereal-users>http://www.ethereal.com/mailman/listinfo/ethereal-users 
>
>
>
> ***********************************************************************************
> WARNING: All e-mail sent to and from this address will be received or
> otherwise recorded by the A.G. Edwards corporate e-mail system and is
> subject to archival, monitoring or review by, and/or disclosure to,
> someone other than the recipient.
> ************************************************************************************


David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave@xxxxxxxxxxx
843.689.5595
www.corecom.com