Ethereal

Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: June 2002

 

as a fellow stumbler who wonders the same:

The solution I have convinced myself of is that any packet with the 802.11
header and obvious tcp/ip data is called LLC unless it can be further
decoded.  Assume that since it's a wireless connection, you aren't getting
the strongest signal and are losing parts of the packet.  So it only shows
as LLC.  Mind you, I have NO idea if this even resembles something possible,
let alone probable.  Like I said, I merely convinced myself that was the
cause.

In response to Joe:

is that what you see?  What kind of AP's are you sniffing that you see
encrypted data as LLC?  I know that cisco shows as "IEEE 802.11 Data" for
me.

-Rick Farina

----- Original Message -----
From: "an ethereal user" <ethereal@xxxxxxxxxxx>
To: <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, June 07, 2002 10:08
Subject: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?


Howdy all...

I have installed FreeBSD 4.5 on an old Compaq Armada for use as a
wireless sniffer.  I've been able to get my Cisco Aironet LMC352 into
monitor mode, ethereal 0.9.4 seems to talk to it, and I've also been
able to "stumble" with Kismet.

The problem:  Ethereal doesn't decode the data packets properly.  All
packets that are not beacons or probes show up as "LLC" protocol
packets.  I've sniffed a web session from my other laptop and I saw the
URL and HTML in these "LLC" packets, so I know that my sniffer is
seeing 3rd party traffic, but I'd like to be able to see the high-level
protocol (IP, TCP) info, not just raw strings.

(for the record)
# ethereal -v
ethereal 0.9.4, with GTK+ 1.2.10, with GLib 1.2.10, with libpcap 0.7,
with libz 1.1.3, with UCD SNMP 4.2.5

Card type: Cisco LMC352
Hardware revision: 00:22
Firmware: 04:23

If anyone else out there in TV land has had similar experiences, I'd
like to trade info.


_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.