Wireshark · Ethereal-users: Re: [Ethereal-users] Is there any chance ethereal or tethereal will work on Cisco 350 pcmcia NIC on

Ethereal-users: Re: [Ethereal-users] Is there any chance ethereal or tethereal will work on Cisc

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sat, 13 Nov 2004 01:44:03 -0800

The only way that Ethereal or Tethereal - or WinDump, or Analyzer, orPacketyzer, or any other WinPcap-based application will be able tocapture on a particular network device on Windows would be if WinPcapwere able to capture on it. It's out of our hands; you'd have to askthe WinPcap developers about it.

Wireless adapters, for whatever reason, don't work particularly wellwith WinPcap - and I suspect a lot of the problems are a result of thedriver not being designed to work well. There is no mechanism in NDISto put the adapters into monitor mode, or to get the adapter or driverto supply packets other than 802.11 data packets (i.e., no management orcontrol fames), or to supply frames with 802.11 headers rather than fakeEthernet headers, unless in recent versions the "native 802.11"mechanism supports that.

In addition, at least some of the drivers for wireless adapters appearto interpret "promiscuous mode" as meaning "show all the packets theadapter receives from the network in promiscuous mode, but don't showpackets being sent out using the adapter, because it didn't receivethem", so if you capture in promiscuous mode you don't see packets sentby the machine:


	http://www.ethereal.com/faq.html#q5.42

and some of them appear not to work *at all* in promiscuous mode:

	http://www.ethereal.com/faq.html#q5.41

There might be additional problems as well.

However, the question you ask isn't an "either/or" question - a thirdalternative is AiroPeek:


	http://www.wildpackets.com/products/airopeek

or AiroPeek NX:

	http://www.wildpackets.com/products/airopeek_nx

which I think have drivers to support capture on Aironet cards, andwhich I think is significantly cheaper than Sniffer Pro.


There's also the Network Chemistry Neutrino Sensor:

	http://www.networkchemistry.com/products/neutrino/capture.php

which is a device that acts as a "remote probe" - Network Chemistry'sPacketyzer:


	http://www.networkchemistry.com/products/packetyzer/

can capture using it, and they might distribute a version of WinPcapthat can talk to a Neutrino device and capture on it - if so, it couldbe used with other WinPcap-based applications.

References:
- [Ethereal-users] Is there any chance ethereal or tethereal will work on Cisco 350 pcmcia NIC on Windows 2000 or XP within perhaps the next 12 months, or should we buy more Sniffer Pro licenses? ?
  - From: Burton, Lowell

Prev by Date: Re: [Ethereal-users] Is there any chance ethereal or tethereal will work on Cisco 350 pcmcia NIC on Windows 2000 [...]
Next by Date: Re: [Ethereal-users] erroneous decoding of dynamic DNS packets in ethereal?
Previous by thread: Re: [Ethereal-users] Is there any chance ethereal or tethereal will work on Cisco 350 pcmcia NIC on Windows 2000 [...]
Next by thread: [Ethereal-users] Howto: Restore preferences?
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$