From owner-freebsd-mobile Wed Sep 5 10:21: 2 2001 Delivered-To: freebsd-mobile@freebsd.org Received: from blues.jpj.net (blues.jpj.net [204.97.17.6]) by hub.freebsd.org (Postfix) with ESMTP id 316F837B405 for ; Wed, 5 Sep 2001 10:20:58 -0700 (PDT) Received: from localhost (benh@localhost) by blues.jpj.net (8.11.1/8.11.1) with ESMTP id f84Lr8610925 for ; Tue, 4 Sep 2001 17:53:08 -0400 (EDT) Date: Tue, 4 Sep 2001 17:53:08 -0400 (EDT) From: Ben Hockenhull To: freebsd-mobile@freebsd.org Subject: Aironet, Ethereal and raw 802.11 frames Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-mobile@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm running FreeBSD 4.3-STABLE on my Vaio and I'm trying to capture raw 802.11 frames using Ethereal 0.8.19 and a Cisco Aironet 350 series PCMCIA card. I don't seem to be able to grab raw 802.11 frames. All the traffic I see looks like it is composed of regular Ethernet II and 802.3 frames. The Ethereal archives mentioned that some 802.11 cards hand off wireless traffic to the host computer as 802.3 frames, not as 802.11 frames, and that in order to capture raw 802.11 frames, one had to be able to put the 802.11 card in question into monitor mode. I can't figure out if this is possible with the Aironet card or not, and I can't decide if this is a function of the an driver or of libpcap or what. My guess would be that the Aironet card is capable of some kind of monitor mode and that the an driver supports that, given the existence of Airosniff, which is an 802.11 network discovery tool that presumably looks at raw 802.11 frames to learn things. Any ideas? Ben -- Ben Hockenhull benh@jpj.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-mobile" in the body of the message