Ethereal-users: Re: [Ethereal-users] Help on capturing raw 802.11 packets please..
Thank you for the answer.. It really helps.. I used
the command :
iwpriv wlan0 monitor 2 1
to set the monitor mode.. Now i can capture the IEEE
802.11 packets..
Thanks a lot :)
-Mirta-
--- Guy Harris <gharris@xxxxxxxxx> wrote:
> On Sun, Jul 04, 2004 at 11:34:49AM -0700, Mirta
> Amalia wrote:
> > I have sent an email about the same subject,
> > unfortunately up until now i haven't had the
> answer
> > yet..
>
> Perhaps nobody knew the answer, and didn't have time
> to do any research
> on the question.
>
> > I'm using D-link DWL-520+ on my Mandrake 10.0
> kernel
> > 2.6.3-4mdk.. I have succeeded installing DWL-520+
> > modules with ACX100.. I'm trying to capture the
> 802.11
> > packets using Ethereal. I installed Ethereal from
> the
> > Mandrake package. I use 3Com Access Point.
> > I managed to do the capturing, but not the 802.11
> > packets. The packets that i successfully captured
> are
> > ARP, ICMP and IP. It seems that I can't capture
> the
> > 802.11 packets (data and management packets)..
>
> The ARP, ICMP, and IP packets *are* 802.11 data
> packets (and, for that
> matter, ICMP packets are IP packets...).
>
> However, the driver might, in its default mode, run
> the card in a mode
> where it supplies data packets as fake Ethernet
> packets, not 802.11
> packets, so they might not look like 802.11 packets,
> or the driver might
> convert those packets to fake Ethernet packets.
>
> You might want to try Googling - for example, for
>
> acx100 "monitor mode"
>
> or
>
> acx100 rfmon
>
> to see whether there's any information there about
> putting the card into
> a mode where it supplies 802.11 packets, for example
> "monitor mode"
> (where it won't participate on the network - i.e.,
> you won't be able to
> send packets, which means that, unless your machine
> is also connected to
> a network on some other interface, you should
> probably capture with
> network name resolution turned *off* so it doesn't
> hang trying to do,
> for example, DNS lookups - but where it would
> probably capture and
> supply all packets it sees, including managment
> packets) or *perhaps*
> "host AP" mode (where I suspect the card supplies
> management packets to
> the host, although I don't know whether, if you're
> not in monitor mode,
> the driver would supply those packets to
> applications) if the card
> supports it.
>
> > I haven't install linux-wlan-ng. Apparently, i got
> > many errors while installing linux-wlan-ng. I
> don't
> > know why. And so, i haven't had prismdump yet. Do
> i
> > need to install linux-wlan-ng??
>
> Probably not. The page at
>
>
> http://www.linux-wlan.org/docs/wlan_adapters.html.gz
>
> doesn't show the DWL-520+ as a card supported by
> linux-wlan-ng (I think
> linux-wlan-ng mainly supports Prism-based cards).
>
> > What should i do? can anyone give me a
> step-by-step
> > way to solve this?
>
> Unfortunately, I can't. You'll probably have to ask
> the maintainers of
> the acx100 driver for help on getting it to capture
> in a mode where you
> can see management packets.
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
>
http://www.ethereal.com/mailman/listinfo/ethereal-users
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail