Re: 802.11B and libpcap

From: Robert van der Meulen (rvdmat_private)
Date: Mon Sep 17 2001 - 07:36:54 PDT


    Hi,
    
    Quoting Frank Knobbe (FKnobbeat_private):
    > what exactly is the difference then between 'monitor' mode and
    > promiscuous mode? I took a look at AirSnort, and it seems to be using
    > raw sockets or something, but for sure not libpcap. Was that decision
    > made just out of convenience? Couldn't AirSnort (or at least its
    > packet acquisition piece) be re-written to use libpcap? Then it
    > should work with other hacked drivers like the Cisco as well.
    Note that I'm not a network/kernel programmer, so I'm just mentioning what I
    seem to have read/found out in my search for a good network analyser for
    802.11/linux.
    
    As far as I know, monitor mode allows for monitoring of raw 802.11 traffic
    without having identified/associated with an AP.
    Promiscuous mode means 'capture all packets you receive'; 'monitor mode'
    means 'capture all 802.11 data you receive'. 'all 802.11 data' means you
    don't have to be associated with an AP, you receive WEP encrypted traffic as
    well (whereas if you're associated with an AP, you receive only traffic
    going over that access point, encrypted with the WEP key you've agreed on
    with the AP (or no encryption at all)).
    With my Orinoco card, I can just find non-WEP APs, as my card
    associates with those as soon as I set my ESSID to an empty string.
    
    Greets,
    	Robert
    
    -- 
    			      Linux Generation
       encrypted mail preferred. finger rvdmat_private for my GnuPG/PGP key.
    	      "Cleveland?  Yes, I spent a week there one day."
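
Added example, not part of the original message: a small decoder for the raw 802.11 MAC header that a monitor-mode capture delivers, showing the frame type, the WEP "protected" bit and which address field holds the BSSID. The sample frames are constructed, and the code assumes each frame starts at the MAC header with no radio or driver header prepended.

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_80211_header(frame):
    """Decode the MAC header of a raw 802.11 management or data frame."""
    if len(frame) < 24:
        raise ValueError("need at least the 24-byte 802.11 MAC header")
    fc, = struct.unpack_from("<H", frame, 0)   # Frame Control, little-endian
    ftype = FRAME_TYPES.get((fc >> 2) & 0x3, "reserved")
    if ftype not in ("management", "data"):
        raise ValueError("control/reserved frames are not handled here")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = (mac(frame[o:o + 6]) for o in (4, 10, 16))
    # Which address field carries the BSSID depends on To DS / From DS.
    if ftype == "management" or not (to_ds or from_ds):
        bssid = a3
    elif to_ds and from_ds:
        bssid = None                           # WDS frame: no single BSSID field
    else:
        bssid = a1 if to_ds else a2
    return {"type": ftype, "subtype": (fc >> 4) & 0xF,
            "to_ds": to_ds, "from_ds": from_ds,
            "protected": bool(fc & 0x4000),    # set on WEP-encrypted frames
            "bssid": bssid}

# Constructed sample frames (not taken from a real capture).
AP = bytes.fromhex("001122334455")
STA = bytes.fromhex("66778899aabb")
BCAST = b"\xff" * 6
# Beacon: management frame, subtype 8, sent by the AP to broadcast.
BEACON = bytes([0x80, 0x00]) + b"\x00\x00" + BCAST + AP + AP + b"\x00\x00"
# Station-to-AP data frame with To DS and Protected set; body is filler bytes.
WEP_DATA = (bytes([0x08, 0x41]) + b"\x00\x00" + AP + STA + BCAST
            + b"\x00\x00" + b"\x00" * 16)

if __name__ == "__main__":
    for name, frame in (("beacon", BEACON), ("wep data", WEP_DATA)):
        print(name, parse_80211_header(frame))
```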
    
    
    



    This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 11:20:05 PDT