Ethereal-users: RE: [Ethereal-users] 802.11 acknowledgement missing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Joshua Wright" <Joshua.Wright@xxxxxxx>
Date: Wed, 23 Jul 2003 13:05:56 -0400
Shashwat,

Any Prism2 card will do - I just bought a couple of el-cheapo Prism2 "SpeedStream" cards from tigerdirect.com for $10/each.  Alternatively, google for "enGenius" - they make 100mW Prism2 cards with MMCX antenna connectors.

-Joshua Wright
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright@xxxxxxx 
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73



> -----Original Message-----
> From: Shashwat Srivastav [mailto:ssrivast@xxxxxxxxxxxxxx]
> Sent: Wednesday, July 23, 2003 12:53 PM
> To: Joshua Wright
> Cc: ethereal-users@xxxxxxxxxxxx
> Subject: Re: [Ethereal-users] 802.11 acknowledgement missing
> 
> 
> Hi Joshua,
> 
> Thanks for your help. Saneo cards dont seem to be readily available. 
> Can you suggest names of few other cards which are known to do this 
> task ?
> 
> Regards,
> Shashwat
> 
> On Monday, Jul 21, 2003, at 13:38 America/Chicago, Joshua 
> Wright wrote:
> 
> > Shashwat,
> >
> >> According to IEEE 802.11, every unicasted packet is acknowledged. I
> >> captured a TCP data transfer session with ethereal, but 
> saw no 802.11
> >> Frame Control acknowledgement packets during this time. A desktop
> >> machine, connected to Cisco Aironet 350 Access Point sent 
> TCP data to
> >> laptop with Cisco 350 wireless card. The card was in 
> monitor mode. No
> >> capture filter was used. No packet showed up when I used
> >> display filter
> >> " wlan.fc.type == 1 and wlan.fc.subtype == 13 " for seeing 
> packets of
> >> 802.11 acknowledgement type. I can see other type of 802.11 packets
> >> like beacon frame.
> >
> > The Cisco drivers don't properly put the Cisco Aironet cards into 
> > RFMON mode.  The drivers will not report control frames to 
> libpcap, so 
> > you will never see them in a capture.
> >
> > If you are serious about capturing 802.11 frames, use a Prism2 card 
> > with the wlan-ng drivers (like the Saneo or enGenius 100mW/200mW 
> > cards).  As a fallback, try using an Agere card with 
> patched drivers 
> > (airsnort.shmoo.com/orinoco.htm) - this combination will report 
> > control frames as well as all other 802.11 management/data frames.
> >
> > -Joshua Wright
> > Senior Network and Security Architect
> > Johnson & Wales University
> > Joshua.Wright@xxxxxxx
> > http://home.jwu.edu/jwright/
> >
> > pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
> > fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
> >
> 
>