Wireshark-users: [Wireshark-users] Capturing 802.11 Headers in Managed Mode

From: Ritesh Taank <taankr@xxxxxxxxxxx>
Date: Tue, 08 May 2007 12:38:11 +0100
Hi,

I am using the latest Wireshark on my FC6 distro with an Intel ipw2200 mini-pci card. I am trying to capture all 802.11 frames received (and destined for) by only that client (i.e. non-promiscuously).

At the moment it captures everything arriving to it as expected, but there are no 802.11 header per packet - only Ethernet headers.

My ipw2200 card is in Managed mode as it is actually connected to the wlan being studied, and receiving and sending real traffic.

I know that the card must be put into Monitor mode if I want to see all the 802.11 data in my Wireshark captures, but then obviously i lose connectivity from the wlan, and thus cannot send or receive real traffic data anymore - which goes against what i am trying to do in my experiments. Thus, the card must remain in a Managed mode, and yet still pass all 802.11 information up to Wireshark. This is my dilemma.

I have searched endlessly on the Internet for ways around this, and have found only a few articles that touch briefly on the subject, without giving too much detail. From what i'm reading out there, i think there is a way around this by using a specific type of card/driver combination?

Others have mentioned making modifications to the driver for my card (ipw2200)?

I also read that the mad-wifi and hostap drivers might be able to do what I need, but from their respective project websites i couldn't find these answers. Also, would they work with my ipw2200 card?

So, if anybody out there could perhaps shed some light on this issue it would be helping me out a great deal.

Thanks in advance for your time.

Ritesh

---
Adaptive Communications Networks Research Group
Electronic Engineering Dept.
Aston University
Birmingham
B7 4ET

t: +44 (0)7732 069 667
e: taankr@xxxxxxxxxxx
w: www-users.aston.ac.uk/~taankr