Ethereal-users: Re: [Ethereal-users] Has anyone been able to capture 802.11 ACKs on aironet?
Ionut Morar wrote:
I can't capture any control frames under linux using a Cisco Aironet 350
with the airo driver included in the kernel (NOT the one from
cisco.com). I am able to capture data&management frames, though. I am
using ethereal/libpcap. Has any of you succeeded? And if yes, how?
To quote a message from Mike "Mr. Kismet" Kershaw on the tcpdump-workers
mailing list:
Seeing a data ack depends on having drivers and firmware which can
report it. The only driver/card combination I can think of which
definitely reports 802.11 phy frames (data ack, cts/rts exchange, etc)
is wlan-ng with prism2 cards. There may be one or two other
combinations which will work, but I can't think of them right now.
Reporting phy packets is usually a restriction of the firmware, but you
could attempt hacking at the driver source to see if it is deliberately
filtering them. Generally you're just out of luck, theres no way to see
the ack frames. If your drivers DO support them, they'll just show up
in the tcpdump stream correctly.
"Control frames" and "phy frames" are two names for the same sort of
frame, it appears.
This suggests that the Aironet cards might not be able to supply control
frames to the host (I don't *think* I saw any control frames when doing
a monitor-mode capture on my FreeBSD 4.6 laptop), or perhaps they can
but the driver(s) aren't doing the right thing to make them do so.