david lopez wrote:
> I'm using tshark (tshark -i ath0) in FreeBSD 6.2
What happens with
tshark -i ath0 -y IEEE802_11
(or -y IEEE802_11_RADIO)?
> I'm using one Atheros wlan card (proxim 8470wd) for capturing packets in
> monitor mode (ifconfig ath0 monitor), but when I'm sending ping between
> one sender and one receiver, I'm only able to capture the reply packets
> and I'm not able to capture the request packets or the management packets
> like RTS, CTS, Acknowledges, ... What am I doing wrong?
> I was doing the same in Linux SUSE 10 and I had no problems.
On Linux, there's no mechanism to let an application or library select a
link-layer header type; for what I presume is either backwards
compatibility or hardware restrictions, I think most 802.11 adapters
default to providing "fake Ethernet" link-layer headers, with the only
way to get native 802.11 headers being to switch to monitor mode.

On modern BSDs, the BPF mechanism lets you choose a link-layer header
type; this is supported by most 802.11 adapters. Those adapters default
to "(fake) Ethernet" for backwards compatibility, and you have to choose
native 802.11 headers explicitly - even in monitor mode. I suspect only
data frames are supplied to BPF listeners that have "Ethernet" as the
link-layer header type.

Arguably, Wireshark should default to requesting native 802.11 headers
rather than Ethernet headers.
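
An added example, not part of the original message or of Wireshark's code: a Python check on a saved capture that reports which link-layer header type the file was recorded with and counts the 802.11 frame kinds in it, so you can confirm that a capture taken with `-y IEEE802_11` or `-y IEEE802_11_RADIO` really contains RTS/CTS/ACK and management frames. The function names and sample frames are constructed for illustration, and only the classic microsecond pcap format is handled.

```python
import struct
from collections import Counter

# pcap link-type numbers for the header types named in the thread
LINKTYPES = {1: "EN10MB", 105: "IEEE802_11", 127: "IEEE802_11_RADIO"}
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
CONTROL_SUBTYPES = {11: "RTS", 12: "CTS", 13: "ACK"}

def summarize_pcap(blob):
    """Return (link-type name, Counter of 802.11 frame kinds) for a classic pcap."""
    if blob[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written little-endian
    elif blob[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic microsecond pcap file")
    network = struct.unpack(end + "I", blob[20:24])[0] & 0xFFFF
    name = LINKTYPES.get(network, "DLT_%d" % network)
    counts = Counter()
    if network not in (105, 127):
        return name, counts            # e.g. fake Ethernet: no 802.11 header to classify
    off = 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack(end + "I", blob[off + 8:off + 12])[0]
        pkt = blob[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if network == 127:
            # skip the radiotap header; its length is bytes 2-3, always little-endian
            pkt = pkt[struct.unpack("<H", pkt[2:4])[0]:] if len(pkt) >= 4 else b""
        if len(pkt) < 2:
            continue
        ftype, subtype = (pkt[0] >> 2) & 3, pkt[0] >> 4
        kind = FRAME_TYPES[ftype]
        if ftype == 1 and subtype in CONTROL_SUBTYPES:
            kind += "/" + CONTROL_SUBTYPES[subtype]
        counts[kind] += 1
    return name, counts

def build_pcap(network, frames):
    """Build a little-endian pcap in memory (used only for the constructed sample)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, network)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: minimal radiotap header, then RTS, CTS, ACK, beacon, two data frames
RADIOTAP = bytes([0, 0, 8, 0, 0, 0, 0, 0])
SAMPLE_FRAMES = [bytes([fc0, 0]) + bytes(14) for fc0 in (0xB4, 0xC4, 0xD4, 0x80, 0x08, 0x08)]
if __name__ == "__main__":
    print(summarize_pcap(build_pcap(127, [RADIOTAP + f for f in SAMPLE_FRAMES])))
```

A file whose link type comes back as `EN10MB` was captured with the "(fake) Ethernet" headers described above, so the frame-kind counts stay empty.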