Ethereal-users: Re: [Ethereal-users] Sniff wireless on the same machine?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 31 Aug 2003 17:46:03 -0700
On Sun, Aug 31, 2003 at 02:40:12PM -0400, Mike Shepet wrote:
> Is it showing clear text because the packets are being decrypted before 
> Ethereal has a chance to read them?

Probably.  Incoming packets are probably being decrypted by your 802.11
card before they're supplied to the host, which means they're obviously
decrypted before they're supplied to WinPcap and thus before they're
supplied to Ethereal.  Outgoing packets are being supplied to WinPcap
(and thus Ethereal) before they're even transmitted, so they're not
encrypted.

> How could you find out for sure if 
> WEB is enabled if all you have is an AP and one client?

I don't know of any way, offhand - the problem is that you can only know
for sure if you can see the traffic as it's transmitted on the air, and
the only way to do that is to use a third machine.