Ethereal-users: Re: [Ethereal-users] 802.11 unicast packet sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Wed, 10 Mar 2004 11:29:46 -0800 (PST)
Krishna Ramachandran said:
>     I have sort of a silly question on how ethereal logs 802.11 unicast
> packets. 802.11 uses a DATA-ACK sequence for sending packets. Does
> ethereal log packets sent by a node whether it gets the ACK or not?

Ethereal logs packets if libpcap/WinPcap supplies them to it. 
Libpcap/WinPcap supply packets if they see the packet and it passes the
capture filter.

A packet sent by the host running the libpcap/WinPcap-based application
will, in most cases, be seen by the application, regardless of whether
it's ACKed or not - although that's not always the case if you're
capturing in promiscuous mode on 802.11 devices:

    http://www.ethereal.com/faq.html#q5.38

A packet not sent by that host will be seen if the 802.11 interface
receives the packet and supplies it to the host.  In promiscuous or
monitor mode, if the packet wasn't sent *to* the host, the host won't ACK
it - and the 802.11 interface probably won't wait for an ACK before
supplying it to the host (it'd be silly of it to do so).

That probably applies to packets sent to the host - when not in monitor
mode, the host would presumably ACK packets sent to it if it received
them.

> Does it also log ACKs?

The 802.11 interface will probably supply ACKs to the host only in monitor
mode.
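
Added example (not part of the original message, and not Ethereal or libpcap code): given a monitor-mode capture, the only kind in which ACKs appear per the reply above, this pairs each unicast data frame with an ACK that immediately follows it. It assumes each frame starts at the 802.11 MAC header (radiotap header and FCS already stripped); the addresses and frames are constructed samples. A sniffer can miss an ACK the sender did receive, so "no ACK seen" describes the capture, not the link.

```python
import struct

ACK, DATA = (1, 13), 2   # ACK = control type 1 / subtype 13; data type = 2

def parse(frame: bytes):
    """Return (type, subtype, retry, ra, ta) from a raw 802.11 MAC header."""
    if len(frame) < 10:
        raise ValueError("too short for an 802.11 header")
    (fc,) = struct.unpack_from("<H", frame, 0)     # Frame Control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    ra = frame[4:10]                               # Address 1: receiver
    # ACKs carry no transmitter address; data frames carry it in Address 2.
    ta = frame[10:16] if ftype == DATA and len(frame) >= 16 else None
    return ftype, subtype, bool(fc & 0x0800), ra, ta

def ack_status(frames):
    """List (index, retry, acked) for every unicast data frame in the capture."""
    out = []
    for i, raw in enumerate(frames):
        ftype, _, retry, ra, ta = parse(raw)
        if ftype != DATA or ta is None or ra[0] & 1:
            continue                               # group-addressed: never ACKed
        acked = False
        if i + 1 < len(frames):                    # ACK follows one SIFS later
            ntype, nsub, _, nra, _ = parse(frames[i + 1])
            acked = (ntype, nsub) == ACK and nra == ta
        out.append((i, retry, acked))
    return out

# --- constructed sample frames (not from a real capture) ---
def data(ra, ta, seq, retry=False):
    fc = 0x0008 | (0x0800 if retry else 0)         # type=data, subtype 0
    # Address 3 is filled with a placeholder copy of the receiver address.
    return struct.pack("<HH", fc, 0) + ra + ta + ra + struct.pack("<H", seq << 4)

def ack(ra):
    return struct.pack("<HH", 0x00D4, 0) + ra      # FC 0xD4 = ACK

STA, AP, OTHER = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 2, 3))
CAPTURE = [
    data(AP, STA, 1), ack(STA),                    # 0-1: acknowledged
    data(AP, STA, 2),                              # 2: no ACK captured
    data(AP, STA, 2, retry=True), ack(STA),        # 3-4: retransmission, ACKed
    data(b"\xff" * 6, AP, 9),                      # 5: broadcast, skipped
    data(AP, OTHER, 7),                            # 6: last frame, no ACK
]

if __name__ == "__main__":
    for idx, retry, acked in ack_status(CAPTURE):
        print(f"frame {idx}: retry={retry} ack_seen={acked}")
```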