Wireshark · Ethereal-users: Re: [Ethereal-users] Problems with LWAPP packet captured

Ethereal-users: Re: [Ethereal-users] Problems with LWAPP packet captured

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Thu, 26 Aug 2004 11:42:08 -0700

aziah zakaria wrote:

Im currently doing an analysis on LWAPP packets and i got to know thatEthereal software can capture LWAPP packets.


I don't think we say anywhere that it can capture them.

We say it can *dissect* them, but its ability to dissect packets of aparticular sort doesn't mean that it can necessarily capture thosepackets - it might have to read them from a capture done by another machine.


Ethereal's ability to capture packets depends on

	1) the link-layer type on which you're trying to capture

and

2) the limitations of the network interface on which you're capturing,the driver for that network interface, and the packet capture mechanismthe driver plugs into.

It doesn't depend directly on something as high-level as whether thepackets are LWAPP packets or not.

However, when I tried tocapture LWAPP packets in live capture, the results shown that it onlycaptures LDAP packets instead of LWAPP packets.

Are you trying to capture them on an 802.11 network? If so, there mightbe some limitations on the traffic your OS, or network card.

At least according to draft-ohara-capwap-lwapp-00, LWAPP goes betweenaccess points and access routers, not between APs and end-stations. Assuch, you might only see LWAPP traffic if you're capturing inpromiscuous mode, and it might even work only if you're in monitor mode.If you're capturing with a WinPcap-based application (such asEthereal) on Windows, promiscuous mode is likely not to work very well,and monitor mode won't work at all. My advice to anybody who wants touse Ethereal to capture 802.11 traffic on Windows would be to try aCentrino-based machine - I haven't tried doing 802.11 capturing on anyWindows machine, but I infer from some code changes somebody sent in forEthereal that promiscuous mode *might* work on Windows on Centrinomachines. I have not seen anybody else report much success at all withpromiscuous 802.11 captures on Windows. (My advice to anybody who wantsto use a PC to capture 802.11 traffic with Ethereal is to run a recentLinux distribution, FreeBSD 5.2 or later, or NetBSD 2.0-beta or later,as at least some of the drivers they have support monitor mode.)

References:
- [Ethereal-users] Problems with LWAPP packet captured
  - From: aziah zakaria

Prev by Date: Re: [Ethereal-users] ethereal on OS X
Next by Date: [Ethereal-users] Re: identifying problems in captures
Previous by thread: [Ethereal-users] Problems with LWAPP packet captured
Next by thread: [Ethereal-users] identifying problems in captures
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$