On Wed, Mar 24, 2004 at 12:30:59PM +0530, Puneet wrote:
> i am trying to make ethereal on wlan on netgear MA311 PCI card 802.11b
> ( OS- Windows and ethereal 0.10.0 ). I wrote a small routine to put the
> card in monitor mode.
>
> i guess i am able to put the card in monitor mode successfully. but
> when i started ethereal after putting the card in monitor mode. i am
> not getting the MAC header.
If you're using WinPcap and the standard driver, then that's not
necessarily surprising - the driver and NDIS framework probably aren't
expecting to get 802.11 packets, they're expecting Ethernet packets, and
WinPcap is probably expecting Ethernet packets.
> I have some queries. If you are interested i am attaching the trace
> file i got.
It somehow got corrupted - it appears that the link-layer header has had
stuff cut off from the beginning, as there appears to be an 802.2 header
starting 10 bytes into the packet. Ethereal also reports that the file
appears to be corrupted; I don't know whether it was corrupted when you
transferred it to the machine from which you mailed it or got corrupted
in the process of mailing it.
> 1. packet 53 is ARP and tells that some source MAC address is
> 4e:3a:68:74:74:70 and destination is 4f:43:41:54:49:4f. I don't have
> any source and MAC address like this in my network. what is this???
43:3a:68:74:74:70, in ASCII, is "C:http", and 4f:43:41:54:49:4f is
"OCATIO"; the former looks like a mix of a driver letter and the
beginning of a URL, and the latter looks like a fragment of the word
"LOCATION". I don't know what that's doing there, but it might be the
result of the packet not being interpreted correctly.
How did you put the card into monitor mode? It might be that the driver
and the NDIS code (and the WinPcap driver) doesn't realize that it's in
monitor mode.
> 2. why i am not able to see MAC headers even though card is in monitor mode.
Probably because the rest of the code path up to the WinPcap library
doesn't realize that it's getting 802.11 packets.
