Ethereal-users: [Ethereal-users] RH8.0: ethereal and libpcap RPMs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Bob Lesser <blesser@xxxxxxxxxxxxxx>
Date: Thu, 06 Mar 2003 10:29:17 -0800
Howdy!
I am running Redhat 8.0 using a Cisco Aironet350 (current Cisco software & firmware) trying to capture raw 802.11 and 802.11 management packets with Ethereal 0.9.8. but have been unsuccessful. My position is that this is not viable under the Redhat 8.0 platform. I am hoping somebody can prove me wrong here. 

Following is a query of my applicable RH8 RPMs:

kernel-2.4.18-14
lipbpcap-0.7.2-1
net-snmp-utils-5.0.8-8.80.2
net-snmp-5.0.6-8.80.2
Now I try and load a current version of Ethereal and get the following error message: 

#rpm -ih ethereal-0.9.8.80.0.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
error: Failed dependencies:
	libpcap.so.0.6.2 is needed by ethereal-0.9.8-0.80.0
#
Does this imply that I need to downgrade my current libpcap (0.7.2-1) to libpcap-0.6.2-16 (or earlier) where libpcap.so.0.6.2 is supported in order to run ethereal-0.9.8.80.0? If that is the case, then Ethereal.com has errored in its claim of supporting raw 802.11 & 802.11 management packets with libpcap 0.7.1, or later. 

Following is Ethereal's claim:
"Q 5.23: How can I capture raw 802.11 packets, including non-data (management, beacon) packets?
A: The answer to this depends on the operating system on which you're running and the 802.11 interface you're using. 

Cisco Aironet cards:
The only platforms that allow Ethereal to capture raw 802.11 packets on Cisco Aironet cards are: 

Linux, with a 2.4.6 or later kernel;
FreeBSD 4.6 or later, as the driver in FreeBSD 4.5 has bugs that cause packets not to be captured correctly, and the driver in releases prior to 4.5 didn't support capturing raw packets. On FreeBSD, the ancontrol utility must be used; do not enable the full Aironet header via BPF, as Ethereal doesn't currently support that. 

On Linux, you will need to do

echo "Mode: rfmon" >/proc/driver/aironet/ethN/Config
if your Aironet card is ethN. To capture traffic from any BSS, do

echo "Mode: y" >/proc/driver/aironet/ethN/Config
and to return to the normal mode, do

echo "Mode: ess" >/proc/driver/aironet/ethN/Config
In either case, Ethereal would have to be linked with libpcap 0.7.1 or later; this means that most Ethereal binary packages won't work unless they're statically linked with libpcap 0.7.1 or later, or they're dynamically linked with libpcap and your system has a libpcap 0.7.1 or later shared library installed (note that libpcap source package from tcpdump.org does not build shared libraries)." 

Your help is greatly appreciated.

Cheers,

Bob