Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?
an ethereal user writes:
[ Charset ISO-8859-1 unsupported, converting... ]
| >
| > (You're the first of the people that have reported this problem who have
| > actually supplied us with capture files so we could try to figure out
| > what's happening. Thanks!)
|
| Glad to help out...
|
| >
| > This sounds either like
| > 1) a driver problem
| > or
| > 2) a card firmware problem
| > or
| > 3) a problem with the mode the card was in.
|
| I've been doing some more experiments with different firmware. I identified
| the problem while running firmware v4.23. I've since tried 4.25.10, 4.25.23
| and 4.25.30 with the same results. I've also tried to put the card into
| different monitor modes (1,3,5, and 7) with and without a SSID and
| association.
You said you were running FreeBSD 4.5 you need to upgrade to FreeBSD-stable
or 4.6 when it comes out. You need this fix:
MFC: LEAP, support for Linux "acu" private ioctls, fix 802.11 RFMON
gap problem, support for Home key, add support for multiple
SSIDs via ifmedia and some minor bug fixes, install header files in
/usr/include/dev/an and in general sync with -current.
Also note that with the Cisco card you do not get the WEP keys in the
"raw" 802.11 packet (so is it really 802.11 monitor mode ... not really).
It is speculated that the WEP HW engine removes this. I've been able
to decrypt and view the payload correctly when I enabled WEP on the
card and set the keuys then in Ethereal dissector I have it skip
the WEP part of the packet and then Ethereal disects the rest of the
packet correctly (ie. follow HTTP streams etc.).
4.6 is about to get released.
Guy, is there anyway that you want to handle the WEP issue for the Aironet
cards? This is the same issue in Linux. Or have you already run into
it? My laptop with the change on it should be coming back today.
Doug A.