On Mar 14, 2008, at 10:20 AM, Guy Harris wrote:
On Windows prior to Windows Vista, that's how *all* the drivers work, as
far as I know; the networking stack doesn't handle 802.11 headers. In
Windows Vista, the networking stack can handle 802.11 headers, but not
all drivers have been changed to work with the "Native 802.11" mechanism
- and, even for those that have, WinPcap doesn't put the adapter into
monitor mode, so they won't supply 802.11 headers.
So if you've captured on Windows with a WinPcap-based application, such
as WinDump or Wireshark, you won't have an 802.11 capture.
Another option on Windows is to buy an AirPcap adapter:
http://www.cacetech.com/products/airpcap_family.htm
and use that with Wireshark. It, in effect, always runs in monitor
mode (it can't be used as a regular 802.11 adapter), and will,
presumably, be able to capture the traffic that your machine's regular
802.11 adapter sends and receives.
It's not an inexpensive option, however; the least expensive adapter
(802.11b/802.11g) costs USD 198.00.
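
An added example, not part of the original message: one way to confirm whether a capture file actually carries 802.11 headers is to read the link-layer type from the pcap global header. It assumes a classic libpcap-format file (not pcapng); the function names and the sample headers are constructed for illustration.

```python
import struct

# Link-layer header types from the tcpdump.org LINKTYPE_ registry.
ETHERNET = 1
WIFI_LINKTYPES = {
    105: "IEEE 802.11",
    119: "Prism header + 802.11",
    127: "radiotap + 802.11",
    163: "AVS header + 802.11",
    192: "PPI (may carry 802.11)",
}
# Magic number as read big-endian -> struct byte-order prefix for the file.
MAGICS = {
    0xA1B2C3D4: ">", 0xD4C3B2A1: "<",   # microsecond timestamps
    0xA1B23C4D: ">", 0x4D3CB2A1: "<",   # nanosecond timestamps
}

def pcap_linktype(header: bytes) -> int:
    """Return the link-layer type from a 24-byte pcap global header."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    (magic,) = struct.unpack(">I", header[:4])
    order = MAGICS.get(magic)
    if order is None:
        raise ValueError("not a classic pcap file (pcapng or other format)")
    # Fields: version major/minor, thiszone, sigfigs, snaplen, network.
    *_, network = struct.unpack(order + "HHiIII", header[4:24])
    return network & 0xFFFF  # upper bits can carry FCS-length information

def describe_capture(header: bytes) -> str:
    """Say whether the capture carries 802.11 headers or only Ethernet ones."""
    lt = pcap_linktype(header)
    if lt in WIFI_LINKTYPES:
        return "802.11 capture: " + WIFI_LINKTYPES[lt]
    if lt == ETHERNET:
        return "Ethernet headers only: no 802.11 headers in this capture"
    return f"other link type {lt}"

def sample_header(linktype: int, order: str = "<") -> bytes:
    """Constructed sample: a pcap 2.4 global header with the given link type."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)

if __name__ == "__main__":
    print(describe_capture(sample_header(1)))    # no 802.11 headers supplied
    print(describe_capture(sample_header(127)))  # monitor-mode style capture
```

To check a real file, pass its first 24 bytes, for example `describe_capture(open(path, "rb").read(24))`.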