E B wrote:
> Thank you for the help with Windump, I couldn't figure out how to print
> it to a text file.

The best thing to do, as noted by Sake, is to save the packets as raw
data to a file. Use File -> Save As; that would let you select which
packets to save (for example, clicking the "Displayed" button and
choosing "Selected packet only" would save the currently-selected packet).
If you want to "print" to a text file, you can use Export -> as "Plain
Text" file; that's similar to "Save As". You'd want to turn on "Packet
details", and "All expanded", and you can also choose "Packet summary
line" and "Packet bytes".

> So instead I used Snagit to make images of the List, Details, and Bytes
> from 3 separate captures.
> The link is here:
> http://s268.photobucket.com/albums/jj23/eb001-captures/
> Capture 1 and Capture 2 have the LLC packets I was referring to.

The packet you give as an example in Capture 2 appears to be, well,
mangled. There appears to be an extra byte with the value hex 02
between the 802.3 header and the 802.2 LLC header. I suspect that
packet is an IP packet (with a SNAP header), and would dissect as such
without that extra byte in there. Unfortunately, Wireshark has no way
of knowing that extra byte is there.
The packet in Capture 1 appears to be similarly mangled, but it doesn't
appear to be an IP packet. Unfortunately, I can't find anything about
an 802.2 DSAP or SSAP value of 52/53, so I don't know what type of
packet it is.
I infer from the references to WinDump that this is on Windows. Windows
drivers for 802.11 adapters don't do a very good job of supplying
packets to applications doing packet capture; there's not much of
anything that WinPcap or Wireshark can do about that.