Shashwat,
> According to IEEE 802.11, every unicasted packet is acknowledged. I
> captured a TCP data transfer session with ethereal, but saw no 802.11
> Frame Control acknowledgement packets during this time. A desktop
> machine, connected to Cisco Aironet 350 Access Point sent TCP data to
> laptop with Cisco 350 wireless card. The card was in monitor mode. No
> capture filter was used. No packet showed up when I used
> display filter
> " wlan.fc.type == 1 and wlan.fc.subtype == 13 " for seeing packets of
> 802.11 acknowledgement type. I can see other type of 802.11 packets
> like beacon frame.
The Cisco drivers don't properly put the Cisco Aironet cards into RFMON mode. The drivers will not report control frames to libpcap, so you will never see them in a capture.
If you are serious about capturing 802.11 frames, use a Prism2 card with the wlan-ng drivers (like the Saneo or enGenius 100mW/200mW cards). As a fallback, try using an Agere card with patched drivers (airsnort.shmoo.com/orinoco.htm) - this combination will report control frames as well as all other 802.11 management/data frames.
-Joshua Wright
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright@xxxxxxx
http://home.jwu.edu/jwright/
pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73