Ethereal-users: Re: [Ethereal-users] A n00b's guide to packet capture? Does it exist?
Mike Meyer wrote:
My problem is that I am not sure where to go when I start Ethereal. I
have tried capturing network traffic (?) using my built-in wireless
card, an Intel Wireless 2200bg.
I have sat here now for a while, and I monitor it every 1/2 hr or
so...nothing happens.
Am I doing something wrong maybe (probably)?
Yes.
What you're doing wrong is expecting Ethereal (or any other
WinPcap-based application) to be very useful as a tool on which to
capture on a wireless link.
You *might* have more success if you capture with promiscuous mode
turned off, although you will then only be able to capture traffic sent
to or by the machine running Ethereal.
Do I need something special for the 2200bg card?
If you want to do anything more than capturing traffic to and from your
machine, the "something special" you should consider doing is "running
Linux". Sorry - Windows and WinPcap wireless packet capture do *NOT* go
well together, because
1) Microsoft's NDIS framework doesn't provide much help for the
wireless card drivers
and
2) Windows wireless card drivers aren't very helpful, either.
See
http://www.ethereal.com/faq#q5.39
and
http://www.ethereal.com/faq#q5.40
and
http://wiki.ethereal.com/CaptureSetup_2fWLAN
for the full sad story, and note that the download page for Windows
versions of Ethereal:
http://www.ethereal.com/distribution/win32/
strongly notes that Ethereal's capture ability on 802.11 is *very* limited.
(We don't control the software that's causing the trouble - Microsoft
and the writers of drivers for 802.11 cards do - and, at least from what
I've seen about what Microsoft are planning to do for their "native
WLAN" or whatever it is in Longhorn, it probably won't make stuff much
better, if it makes any difference at all.)
