Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "an ethereal user" <ethereal@xxxxxxxxxxx>
Date: Sun, 9 Jun 2002 14:52:56 -0400
I put two sample caps on my web server:  http://www.severus.org/wifi-caps/

Both of these caps were made with the following setup:

Network:   192.168.0.0/24
Gateway:   192.168.0.1
  OpenBSD 3.1
  Intel Etherexpress Pro (fxp)
Victim:  192.168.0.45
  FreeBSD 4.5
  Dell Truemobile 1150 (orinoco gold)
WAP:  Linksys WAP-11 2.2
Sniffer: (none)
  FreeBSD 4.5
  Cisco LMC352

The following commands were run on the sniffer immediately after boot:

[root@ocelot root]# ancontrol -i an0 -M 7
[root@ocelot root]# ifconfig an0 up
[root@ocelot root]# ethereal &

Capture options were left as default

- icmp-traffic

 (from victim) # ping 192.168.0.1
     10 pings and responses, 0% loss

- google-session

 (from victim) # nc -vv www.google.com 80
   GET / HTTP/1.0
   <response>

In the google-session cap, the HTTP request is sent in frame 206, and the
response begins at frame 228.  There should be a DNS resolution somewhere in
there, along with the normal TCP session setup.

----- Original Message -----
From: "Chris Waters" <chris@xxxxxxxxxxxx>
To: "an ethereal user" <ethereal@xxxxxxxxxxx>; <ethereal-users@xxxxxxxxxxxx>
Sent: Sunday, June 09, 2002 2:03 PM
Subject: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco
LMC352?


> Can you attach a small saved trace that has this behaviour? Perhaps a
trace
> from your own AP would be best :-). It does sound like something is not
> working properly for you because when I am in range, I always see correct
> decodes. Note that some packets may correctly contain LLC headers, but if
> Ethereal can decode the contents and the last decoded protocol will show
in
> the information field on the display.