Ethereal-users: Re: [Ethereal-users] 802.11 raw packet sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 27 Feb 2003 00:22:34 -0800
On Wed, Feb 26, 2003 at 05:01:34PM +0100, Michele Varesano wrote:
> Hello,
> I use ethereal 0.9.9 and libpcap 0.7.1 (RH7.3) with
> a Cisco Aironet 350 wireless Card. I would like
> to sniff all 802.11 frames (control, data and management
> frames) but I can get only regular data frames with 
> ethereal.
> 
> As reported in
> http://www.ethereal.com/faq.html#q5.22 
> I tried the following commands:
> 
> echo "Mode: rfmon" >/proc/driver/aironet/ethN/Config
> echo "Mode: y" >/proc/driver/aironet/ethN/Config
> 
> with no results

Which driver are you using?

Cisco apparently have Linux drivers, but I don't know whether they
support monitor mode.

Apparently the latest airo-linux drivers don't work all that well, but
some older Aironet drivers do:

	http://www.ethereal.com/lists/ethereal-users/200302/msg00227.html

It would be Amazingly Lovely if

	1) the standard Linux trees from kernel.org had monitor-mode
	   support for all wireless cards, rather than requiring people
	   to dig up patches or drivers from elsewhere - or, at last, if
	   the Linux kernel in most Linux distributions had it;

	2) there were a standard way to do raw 802.11 captures that was
	   the same for all of those cards.

I don't know why there appear to be N different groups of people doing
wireless drivers on Linux, often doing things in different ways
(wlan-ng, Jean Tourrilhes' stuff, the Aironet stuff), but I suspect it's
a bit of a pain for Linux users.

The folks working on the NetBSD 802.11 drivers might well get some
standardization of wireless stuff in NetBSD - and the FreeBSD folks are
picking at least some of their stuff up, so that might be the case on
two out of three of the free-software BSDs, and if OpenBSD picks it up
that'd be wonderful.  All that'd be needed in BSDland, then, would be
for the fruit-flavored BSD from Cupertino to pick it up (which might
make Wildpackets happy, too, as that'd mean they could do AiroPeek for
MacOS X without having to do their own Airport drivers).

(There might be some card-dependent things, as I think there are some
things that some cards can do but not others, but it'd be nice to
standardize the stuff that all cards can do....)