Ethereal-users: Re: [Ethereal-users] ethereal saving as dat file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 14 Apr 2005 00:55:26 -0700
Ankur Aggarwal wrote:


Thanks for your prompt reply.
1)	I already have a code which can extract and generate all the
radio/packet information in the .apc file and it can be easily
integrated to suit ethereal. But I am not sure how to interface it with
ethereal-0.10.10\wiretap\etherpeek.c while maintaining the legacy code.
Is there any radio or other packet information in a pre-version-9 Etherpeek/Airopeek file (version 9 Etherpeek/Airopeek files are handled by wiretap/airopeek9.c) that's not already handled by etherpeek.c? (Ethereal's etherpeek.c already recognizes the first 4 bytes of the packet as the data rate, channel, signal level, and an unused byte.) 


2)	I already have the driver source code for our .11abg card which
could be modified to promiscuous mode. But I am still unsure of how to
interface it ethereal. Is there some interface document/ specifications
No, because network adapter drivers *don't* interface with Ethereal, they interface with the packet capture mechanism used by libpcap, on UN*X, or with the WinPcap driver, on Windows. Ethereal interfaces with libpcap on UN*X and WinPcap on Windows; it doesn't directly interface with network adapter drivers.
You should talk to the WinPcap developers (note that Ethereal is *NOT* the only application that would necessarily use a modified wireless driver on Windows - Kismet might do so, too, if any modified Windows drivers could put an adapter into monitor mode, and Analyzer and WinDump could do so as well. 


3)       How do you set the .11a/b/g radio mode and channel number?


What do you mean by ".11a/b/g radio mode"?
There's no mechanism in Ethereal to set the channel number, as there's currently no mechanism in libpcap/WinPcap to do so. At the NDIS layer, it'd be set via the OID_802_11_CONFIGURATION OID, it appears. 


4)       In what format does my card/driver dump packets to the ethereal
No format - it would have to dump packets to WinPcap, which would supply them to Ethereal.
WinPcap would, I think, currently expect them to be dumped as fake Ethernet packets. WinPcap would have to be modified to support raw 802.11 packets. 


and how does it inform about the packet arrival?
It would inform WinPcap about packet arrival using the standard NDIS mechanisms - or, if some support for some other mechanism were added, through that mechanism. 

Talk to the WinPcap developers:

	http://winpcap.polito.it/

about this.