Hi Joshua,
Thanks for your help. Saneo cards dont seem to be readily available.
Can you suggest names of few other cards which are known to do this
task ?
Regards,
Shashwat
On Monday, Jul 21, 2003, at 13:38 America/Chicago, Joshua Wright wrote:
Shashwat,
According to IEEE 802.11, every unicasted packet is acknowledged. I
captured a TCP data transfer session with ethereal, but saw no 802.11
Frame Control acknowledgement packets during this time. A desktop
machine, connected to Cisco Aironet 350 Access Point sent TCP data to
laptop with Cisco 350 wireless card. The card was in monitor mode. No
capture filter was used. No packet showed up when I used
display filter
" wlan.fc.type == 1 and wlan.fc.subtype == 13 " for seeing packets of
802.11 acknowledgement type. I can see other type of 802.11 packets
like beacon frame.
The Cisco drivers don't properly put the Cisco Aironet cards into
RFMON mode. The drivers will not report control frames to libpcap, so
you will never see them in a capture.
If you are serious about capturing 802.11 frames, use a Prism2 card
with the wlan-ng drivers (like the Saneo or enGenius 100mW/200mW
cards). As a fallback, try using an Agere card with patched drivers
(airsnort.shmoo.com/orinoco.htm) - this combination will report
control frames as well as all other 802.11 management/data frames.
-Joshua Wright
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright@xxxxxxx
http://home.jwu.edu/jwright/
pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73