On Thu, Sep 13, 2001 at 10:24:01PM +0200, Ronny Vaningh wrote: > Hi > I want to capture the 802.11B link layer data with etherreal. > I've read that you need to patch your libpcap for use with 802.11B > networks. More than just that, I'm afraid. > However on the tcpdump site I could not find any pointers to this > subject. Not real surprising. It's a little more complicated that simply patching libpcap. You also have to have a patched driver. > Could anybody help me out here. Seems like everything you need should be in the AirSnort sources. > Also, what is so special in the PRISMII cards that airsnort only works > with them, and can you recommend any card in particular. The Prism cards can be put into a mode where they will report the RF framing including access point polling and encrypted frames. You can't do this simply by putting the card into promisc mode. Simple promisc mode just looks like an ethernet wire and you're missing the RF layer that it's encapsulated in. You also require a modified driver to put the card into the RF Monitor mode and that's also the reason for needing the modified libpcap, because you get the additional RF information. Cisco Aironet cards can also be put into this mode (although AFAIK, AirSnort doesn't support it) but you need a specially patched Aironet driver and you still need the patched libpcap. Cards based on the Lucent chipset do not work, with the possible exception of some older firmware, because we don't know how to get them into RF Monitor mode. It should be possible or the $@#$# access points (which use the same cards) wouldn't work. So far, I don't know of anyone who has figured it out beyond some remarks about a method for some older Lucent WaveLAN cards that doesn't work on the newer cards. > Thanks > Ronny Vaningh > Ronny@-do-no-spam-netrusion.com Mike -- Michael H. Warfield | (770) 985-6132 | mhwat_private (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Sep 16 2001 - 23:15:48 PDT