Ethereal-users: RE: [Ethereal-users] ethereal saving as dat file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ankur Aggarwal" <ankur@xxxxxxxxxxxxxxxxx>
Date: Thu, 14 Apr 2005 14:11:52 +0530
Harris

1) I already have a (.bat) script which can enable me to change the
radio mode from .11 a-> b-> g and set the channel number. How do I add
an additional tab which will run it for me in the background instead of
manually typing it?

2) In one portion you talk about converting wireless packets to fake
Ethernet packets and in the other you talk about the interpretation of
rf-parameters like data rate, channel, signal level, etc. (the unused
byte actually is reserved for noise values). The Ethernet packets do not
have provision for these fields. How does one handle this information
(assuming WinPcap is modified to generate it)?

3) Is there any way to bypass WinPcap and directly interface with
ethereal? I am already capable of generating an .apc binary dump of raw
packets but would like to use ethereal for real-time monitoring,
interpretation of the TCP/IP layer and GUI features which I lack.

Regards,
Ankur

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, April 14, 2005 1:25 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] ethereal saving as dat file

Ankur Aggarwal wrote:

> Thanks for your prompt reply.
> 1) I already have a code which can extract and generate all the
> radio/packet information in the .apc file and it can be easily
> integrated to suit ethereal. But I am not sure how to interface it with
> ethereal-0.10.10\wiretap\etherpeek.c while maintaining the legacy code.

Is there any radio or other packet information in a pre-version-9 
Etherpeek/Airopeek file (version 9 Etherpeek/Airopeek files are handled 
by wiretap/airopeek9.c) that's not already handled by etherpeek.c? 
(Ethereal's etherpeek.c already recognizes the first 4 bytes of the 
packet as the data rate, channel, signal level, and an unused byte.)

> 2) I already have the driver source code for our .11abg card which
> could be modified to promiscuous mode. But I am still unsure of how to
> interface it ethereal. Is there some interface document/specifications

No, because network adapter drivers *don't* interface with Ethereal, 
they interface with the packet capture mechanism used by libpcap, on 
UN*X, or with the WinPcap driver, on Windows.  Ethereal interfaces with 
libpcap on UN*X and WinPcap on Windows; it doesn't directly interface 
with network adapter drivers.

You should talk to the WinPcap developers (note that Ethereal is *NOT* 
the only application that would necessarily use a modified wireless 
driver on Windows - Kismet might do so, too, if any modified Windows 
drivers could put an adapter into monitor mode, and Analyzer and WinDump
could do so as well).

> 3)       How do you set the .11a/b/g radio mode and channel number?

What do you mean by ".11a/b/g radio mode"?

There's no mechanism in Ethereal to set the channel number, as there's 
currently no mechanism in libpcap/WinPcap to do so.  At the NDIS layer, 
it'd be set via the OID_802_11_CONFIGURATION OID, it appears.

> 4) In what format does my card/driver dump packets to the ethereal

No format - it would have to dump packets to WinPcap, which would supply
them to Ethereal.

WinPcap would, I think, currently expect them to be dumped as fake 
Ethernet packets.  WinPcap would have to be modified to support raw 
802.11 packets.

> and how does it inform about the packet arrival?

It would inform WinPcap about packet arrival using the standard NDIS 
mechanisms - or, if some support for some other mechanism were added, 
through that mechanism.

Talk to the WinPcap developers:

	http://winpcap.polito.it/

about this.
