Wireshark · Ethereal-users: Re: [Ethereal-users] Using Ethereal Windows version for monitoring IEEE 802.11b traffi c

Ethereal-users: Re: [Ethereal-users] Using Ethereal Windows version for monitoring IEEE 802.11b

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Joe Tomasone <joe@xxxxxxxx>

Date: Wed, 21 Nov 2001 08:51:43 -0500

At the moment, there is no known way to do this with Ethereal under Windows.

802.11 cards strip off the 802.11 information and pass along plain Ethernetframes to the host system. To monitor the management frames, you wouldneed a driver capable of placing the card in "monitor mode", in which thecard simply dumps the raw frames it receives to the host.

AiroPeek (The Windows 802.11 sniffer by WildPackets) does this by usingtheir own special drivers. They (obviously) only work with certaincards. Then there's the $2000.00 price tag to consider.

To use Ethereal to monitor 802.11 frames requires (at this time) a Linuxsystem running a utility called "Prismdump", to which links can be found onthe Ethereal site. Prismdump will put a Prism-II based 802.11 card intomonitor mode and dump the received frames. This can be piped to a FIFOfile that can be read by Ethereal. This is normally used in conjunctionwith the linux-wlan-ng package, which gives you the ability to specifywhich of the 11 channels you'd care to monitor. Common Prism-II basedcards (that can be found at, say, CompUSA, Best Buy, etc) include SMC,Linksys, and D-Link. The downside? It is difficult to find Prism-II basedcards with external antenna jacks, so you are normally limited to thebuilt-in antenna.

If you are determined to use the Windows version (or don't want to take astab at the "Linux method"), you'll need to find/write a driver for yourcard to place it into monitor mode. Then, you'll have to share yourresults with us. :)



        - Joe


At 01:04 PM 11/20/2001, you wrote:

Hi All,
I'm trying to use the windows version of Ethereal for monitoring IEEE802.11b traffic. I have the Lucent/Orinoco Silver WLAN card installed.
In particullar I'm trying to observe the security(WEP) features of theWLAN, in order to see if some of the various attacks that have beenpublished during the course of the past year can be easily reproduced.
I was wondering if anyone has done that kind of work and if so couldsomeone please give me some hints as to how to go about doing this.
Have any of yopu used the windows version to monitor 802.11b traffic andmanagement messages?
Regards

Sachin S. Mody
Thomson Multimedia, Corporate Research
2 Independence Way,
Princeton, NJ 08543
Ph# 609-734-9494
Fax# 609-734-9870

Follow-Ups:
- Re: [Ethereal-users] Using Ethereal Windows version for monitoring IEEE 802.11b traffi c
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] Tethereal filtering - file to file
Next by Date: [Ethereal-users] Ethereal for serial ports
Previous by thread: Re: [Ethereal-users] Tethereal filtering - file to file
Next by thread: Re: [Ethereal-users] Using Ethereal Windows version for monitoring IEEE 802.11b traffi c
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$