Re: 802.11B and libpcap

From: Michael H. Warfield (mhwat_private)
Date: Tue Sep 18 2001 - 18:18:20 PDT

Next message: Michael H. Warfield: "Re: 802.11/monitor mode (Was: Re: 802.11B and libpcap)"

Previous message: Robert van der Meulen: "802.11/monitor mode (Was: Re: 802.11B and libpcap)"
In reply to: Frank Knobbe: "RE: 802.11B and libpcap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 17, 2001 at 07:06:01PM -0500, Frank Knobbe wrote:

> > -----Original Message-----
> > From: Robert van der Meulen [mailto:rvdmat_private]
> > Sent: Monday, September 17, 2001 9:37 AM

> > As far as i know, monitor mode allows for monitoring of raw 
> > 802.11 traffic
> > without having identified/associated with an AP.
> > Promiscuous mode means 'capture all packets you recieve'; 
> > 'monitor mode'
> > means 'capture all 802.11 data you recieve'. [when associated to an
> > AP] [...]

> Robert and Andrew,

> thanks, that explains it. Now the next question is: Is anyone aware
> of a matrix that shows which card currently on the market has driver
> support for a) monitor mode, b) for promiscuous mode?

> I have a Cisco 340 with hacked drivers that allow for promiscuous
> mode. I have not checked it for monitor mode. It would be great if
> someone already has a web page with a capability matrix....

	Cisco 340/350 doesn't need hacked drivers for promiscuous mode.
They do that just fine.  They do need hacked drivers for RF Monitor mode
and those are available.  I'm currently using Cisco 350 cards (the 350s
have better receive sensitivity and Tx power) with a similar tool for
"War Driving" or "Trolling for WaveLAN".   AirSnort should be able to use
the Cisco cards, it just doesn't include the patched driver.

	It's the Lucent cards (WaveLan and Orinoco) that are the current
problems because nobody seems to know how to get them into RF Monitor mode
(though they go into promiscuous mode just fine as well).  Supposedly,
earlier versions of the WaveLAN (pre Orinoco) cards permitted RF Monitor
mode but newer firmware does not or does something different.

> Regards,
> Frank

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhwat_private
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Michael H. Warfield: "Re: 802.11/monitor mode (Was: Re: 802.11B and libpcap)"
Previous message: Robert van der Meulen: "802.11/monitor mode (Was: Re: 802.11B and libpcap)"
In reply to: Frank Knobbe: "RE: 802.11B and libpcap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 20:09:51 PDT