Ethereal-users: Re: [Ethereal-users] Has anyone been able to capture 802.11 ACKs on aironet?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 17 Feb 2005 12:06:30 -0800
Ionut Morar wrote:
I can't capture any control frames under linux using a Cisco Aironet 350 with the airo driver included in the kernel (NOT the one from cisco.com). I am able to capture data&management frames, though. I am using ethereal/libpcap. Has any of you succeeded? And if yes, how?
To quote a message from Mike "Mr. Kismet" Kershaw on the tcpdump-workers mailing list: 


Seeing a data ack depends on having drivers and firmware which can
report it.  The only driver/card combination I can think of which
definitely reports 802.11 phy frames (data ack, cts/rts exchange, etc)
is wlan-ng with prism2 cards.  There may be one or two other
combinations which will work, but I can't think of them right now.

Reporting phy packets is usually a restriction of the firmware, but you
could attempt hacking at the driver source to see if it is deliberately
filtering them.  Generally you're just out of luck, theres no way to see
the ack frames.  If your drivers DO support them, they'll just show up
in the tcpdump stream correctly.
"Control frames" and "phy frames" are two names for the same sort of frame, it appears.
This suggests that the Aironet cards might not be able to supply control frames to the host (I don't *think* I saw any control frames when doing a monitor-mode capture on my FreeBSD 4.6 laptop), or perhaps they can but the driver(s) aren't doing the right thing to make them do so.