Ethereal-users: Re: [Ethereal-users] Ethereal and WLAN Devices

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 6 Apr 2001 13:15:26 -0700 (PDT)
> I've had limited success with a Cisco 350 Aironet card...I can see IP
> traffic between myself and the WAP, but I can't force the cisco into
> promiscuous mode.

That may depend on whether the driver supports promiscuous mode and
whether it supports being put into promiscuous mode by a program
capturing on the interface.

> also, I can't see any layer two traffic between the AP
> and the card. This is with WinPcap ver 2.1.

By "layer two traffic" do you mean "any traffic", or just control
traffic of a sort that doesn't contain higher-level protocol traffic
(ARP packets, IP packets, IPX packets, etc.)?  I infer you mean the
latter, from "I can see IP traffic between myself and the WAP".

Whether you can see anything other than the traffic that gets forwarded
to the main part of your OS's networking stack depends on the way the
networking code in your OS works.

WinPcap's driver sees only the packets that the network interface driver
and the Windows NDIS networking mechanism give to it; if the driver for
your card (or firmware on the card itself) merely processes control
traffic internally, and doesn't ever hand it to NDIS as received
packets, no NDIS-based packet capture program will be able to see that
traffic (unless there's some secret back door that it can use).

The Linux networking stack has a similar problem, which is why you don't
see, for example, PPP control traffic when sniffing on a PPP interface.

The BSD BPF mechanism, however, allows the driver itself to pass packets
to the capture mechanism; this requires individual drivers to know about
BPF, but gives them the ability to hand packets to programs that want to
capture raw network traffic without having to worry about whether the
networking stack can sanely handle those packets.
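
One way to check what a saved capture actually contains, given the point above that a capture program sees only what the driver hands up (added example, not part of the original message or of Ethereal; the function names and the sample frames are constructed for illustration). It reads the link-layer type from a classic pcap file header and, when the file carries raw 802.11 headers, counts management, control and data frames.

```python
import struct

# Values from the tcpdump.org LINKTYPE_ registry and the 802.11 frame-control field.
LINKTYPE_ETHERNET, LINKTYPE_IEEE802_11 = 1, 105
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def parse_pcap(data):
    """Return (linktype, [frame bytes]) for a classic (non-pcapng) capture file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"   # written on a little-endian host (usec or nsec magic)
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # The low 16 bits hold the link type; upper bits can carry FCS information.
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    frames, offset = [], 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        frames.append(frame)
        offset += 16 + incl_len
    return linktype, frames

def frame_type_counts(data):
    """Return (linktype, counts); counts is None when the file has no raw 802.11 headers."""
    linktype, frames = parse_pcap(data)
    if linktype != LINKTYPE_IEEE802_11:
        return linktype, None  # e.g. Ethernet: no 802.11 management/control frames present
    counts = {}
    for frame in frames:
        if frame:
            name = FRAME_TYPES[(frame[0] >> 2) & 0x3]  # type bits of frame control
            counts[name] = counts.get(name, 0) + 1
    return linktype, counts

def build_pcap(linktype, frames):
    """Build a constructed sample capture in memory (little-endian, version 2.4)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    # Constructed frames: beacon (0x80), ACK (0xd4) and two data frames (0x08).
    wifi = build_pcap(LINKTYPE_IEEE802_11, [b"\x80\x00", b"\xd4\x00", b"\x08\x00", b"\x08\x01"])
    print(frame_type_counts(wifi))
    print(frame_type_counts(build_pcap(LINKTYPE_ETHERNET, [b"\xff" * 14])))
```

A result of `(1, None)` means the file was captured with Ethernet-style headers, so any 802.11 control or management exchange was consumed below the capture point and cannot be recovered from that file.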