Ethereal-users: Re: [Ethereal-users] Help on capturing raw 802.11 packets please..

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 5 Jul 2004 03:41:18 -0700

On Sun, Jul 04, 2004 at 11:34:49AM -0700, Mirta Amalia wrote:
> I have sent an email about the same subject,
> unfortunately up until now I haven't had the answer
> yet..

Perhaps nobody knew the answer, and didn't have time to do any research
on the question.

> I'm using D-link DWL-520+ on my Mandrake 10.0 kernel
> 2.6.3-4mdk.. I have succeeded installing DWL-520+
> modules with ACX100.. I'm trying to capture the 802.11
> packets using Ethereal. I installed Ethereal from the
> Mandrake package. I use 3Com Access Point.
> I managed to do the capturing, but not the 802.11
> packets. The packets that I successfully captured are
> ARP, ICMP and IP. It seems that I can't capture the
> 802.11 packets (data and management packets).. 

The ARP, ICMP, and IP packets *are* 802.11 data packets (and, for that
matter, ICMP packets are IP packets...).

However, the driver might, in its default mode, run the card in a mode
where it supplies data packets as fake Ethernet packets, not 802.11
packets, so they might not look like 802.11 packets, or the driver might
convert those packets to fake Ethernet packets.

You might want to try Googling - for example, for

	acx100 "monitor mode"

or

	acx100 rfmon

to see whether there's any information there about putting the card into
a mode where it supplies 802.11 packets, for example "monitor mode"
(where it won't participate on the network - i.e., you won't be able to
send packets, which means that, unless your machine is also connected to
a network on some other interface, you should probably capture with
network name resolution turned *off* so it doesn't hang trying to do,
for example, DNS lookups - but where it would probably capture and
supply all packets it sees, including management packets) or *perhaps*
"host AP" mode (where I suspect the card supplies management packets to
the host, although I don't know whether, if you're not in monitor mode,
the driver would supply those packets to applications) if the card
supports it.

> I haven't installed linux-wlan-ng. Apparently, I got
> many errors while installing linux-wlan-ng. I don't
> know why. And so, I haven't had prismdump yet. Do I
> need to install linux-wlan-ng??

Probably not.  The page at

	http://www.linux-wlan.org/docs/wlan_adapters.html.gz

doesn't show the DWL-520+ as a card supported by linux-wlan-ng (I think
linux-wlan-ng mainly supports Prism-based cards).

> What should I do? Can anyone give me a step-by-step
> way to solve this?

Unfortunately, I can't.  You'll probably have to ask the maintainers of
the acx100 driver for help on getting it to capture in a mode where you
can see management packets.
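
Added example, not part of the original message: one way to tell from a saved capture whether the driver handed up fake Ethernet frames or real 802.11 frames is to read the link-layer type in the pcap file header and, for raw 802.11, classify each frame from its Frame Control field. The function names and the sample capture are constructed for illustration; the link-type numbers are the standard pcap values.

```python
import struct

# Link-layer header types as stored in the pcap file header.
LINKTYPES = {
    1: "Ethernet (driver supplies fake Ethernet frames)",
    105: "IEEE 802.11 (raw 802.11 headers)",
    119: "Prism header + IEEE 802.11",
    127: "radiotap + IEEE 802.11",
    163: "AVS header + IEEE 802.11",
}
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def parse_pcap(data):
    """Return (linktype, [packet bytes]) from a classic pcap file image."""
    if len(data) < 24:
        raise ValueError("truncated pcap file header")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"          # little-endian writer (usec or nsec timestamps)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"          # big-endian writer
    else:
        raise ValueError("not a classic pcap file")
    # Link type sits in the low 16 bits of the last header field.
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    packets, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        packets.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return linktype, packets

def summarize(data):
    """Return (link-type description, frame types seen if raw 802.11)."""
    linktype, packets = parse_pcap(data)
    name = LINKTYPES.get(linktype, "other (%d)" % linktype)
    kinds = []
    if linktype == 105:
        # Frame Control byte 0: bits 2-3 carry the 802.11 frame type.
        kinds = [FRAME_TYPES[(p[0] >> 2) & 3] for p in packets if p]
    return name, kinds

def build_sample(linktype, frames):
    """Constructed sample: a little-endian pcap image holding the frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    beacon = b"\x80\x00" + bytes(22)     # constructed management frame
    print(summarize(build_sample(105, [beacon])))
```

A capture that reports Ethernet as its link type will only ever show the ARP, ICMP and IP traffic described above; management frames can appear only when the link type is one of the 802.11 variants.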