Wireshark · Ethereal-users: Re: [Ethereal-users] Ethereal with Orinoco?

Ethereal-users: Re: [Ethereal-users] Ethereal with Orinoco?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Thu, 1 Nov 2001 02:46:04 -0800

On Wed, Oct 31, 2001 at 10:10:46PM -0800, Rakesh Arora wrote:
> > This is almost certainly either a WinPcap issue or a
> > driver issue.  Try running WinDump:
> > 	http://netgroup-serv.polito.it/windump/
> > 
> 
> I did try WinDump before I tried Ethereal and I
> believe I got the same information(I will double check
> tomorrow).

I.e., WinDump gave you only what Ethereal gave you?  If so, then, as
indicated, that's because WinPcap won't give all 802.11 packets, in
native 802.11 form (rather than fake-Ethernet form) to applications that
use it, such as WinDump, Ethereal, or Analyzer.

> I am trying to obtain all the clients associated with
> an Access Point and I thought that Ethereal would come
> in use for this.

It would, but you'd have to run it on Linux with a sufficiently recent
kernel (and, I think, you'd have to run a utility to put the 802.11
interface into the right mode; I don't know the details) or on recent
FreeBSD with Doug Ambrisko's driver changes (and, again, I think you'd
have to run a utility to put the card into the right mode).

WinPcap currently doesn't let you do that, and Ethereal relies on
WinPcap to capture packets, so Ethereal doesn't let you do that, either.

> The clients have to respond to the
> beacons (sent by an Access Point) in order to continue
> its association with that Access Point. I thought that
> a sniffer can capture these replies to the beacons,
> thereby giving me the list of the clients. Do you know
> of any other way to accomplish my task?

1) Use an OS other than Windows.

2) Use a sniffer that doesn't use WinPcap:

	http://www.wildpackets.com/products/airopeek

	http://www.sniffer.com/products/sniffer-wireless/default.asp?A=5

   They cost money, and you don't get source code, but so it goes.

3) Work with the WinPcap people - if they have time to help you on this
   - to develop a future version of WinPcap that can capture raw 802.11
   (assuming they can do this; the wireless card drivers might make this
   impossible - the two commercial sniffers listed above come with their
   own drivers, I think, but neither we nor the WinPcap developers have
   the time to acquire the expertise necessary to write our own drivers,
   much less to develop those drivers).

References:
- Re: [Ethereal-users] Ethereal with Orinoco?
  - From: Rakesh Arora

Prev by Date: Re: [Ethereal-users] Ethereal with Orinoco?
Next by Date: [Ethereal-users] Running Ethereal from remote computer. is it possible ?
Previous by thread: Re: [Ethereal-users] Ethereal with Orinoco?
Next by thread: [Ethereal-users] Running Ethereal from remote computer. is it possible ?
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$