On Tue, Mar 02, 2004 at 11:02:03PM +1000, Davinder S Bains wrote:
> Pls help me to this question:-> I am research Student and using
> Ethereal for Capturing frames on Wireless LAN. I have AP (Access Point)
> and Three wireless Machines. I have Ethreal installed on machine A
> where I do capture. The problem is when I ping from Machine B to C or C
> to B, I cannot capture the ICMP packets. But I can when I ping with
> Machine A.
I think that, in the default mode for an 802.11 network adapter, the
adapter will not supply to the host packets that arrive on the channel
the adapter is using but that are not
1) being sent to the adapter's MAC address;
2) being sent to the broadcast MAC address;
3) being sent to a multicast address on which the adapter is
listening.
The adapter would have to be in promiscuous or "monitor" mode in order
to supply those packets to the host.
Whether an adapter can be put into promiscuous or "monitor" mode depends
on
1) the adapter
and
2) the driver
and 2) might depend on the operating system on which you're running.
For example, the Cisco Aironet cards (or, at least, the card I have on
my PC laptop) support both promiscuous and "monitor" mode, and the
Aironet driver in FreeBSD 4.6 supports both promiscuous and "monitor"
mode (I've captured traffic between my iBook and my access point, using
Ethereal running on the PC, in both promiscuous and monitor mode; I
don't have three machines with wireless adapters, so I don't know
whether I can capture traffic between two other machines, but if, as I
think is the case, that traffic would go through the access point, it's
really traffic between the hosts and the access point, so I should be
able to capture it).
However, on Windows, there might be problems with promiscuous mode, and
standard Windows drivers simply don't support "monitor" mode at all.