Ethereal

Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

Ethereal-users: June 2002


On Wed, Jun 12, 2002 at 11:21:44PM -0700, Guy Harris wrote:
> Perhaps we'd need to have a preference setting in the 802.11 dissector
> to control whether to assume WEP frames are decrypted or encrypted?

Personally, I'd just leave it as it is.  Now that the 802.11 dissector can
handle de-wepping data on its own, there's no real reason why we need to
have the card do the decryption itself.  :)
 
> Solomon, what happens with the Prism II reference design cards in
> monitor mode if they receive a WEP frame and the WEP key is set on the
> card?  Do they supply the frame with everything including the WEP header
> as is, but with the payload decrypted?

If the card is set to de-wep the incoming packets in monitor mode
(keepwepflags=true, defaults to false) it strips out the WEP IV+ICV, but
doesn't clear the WEP bit in the 802.11 header.  *grumble*  I was most
displeased when I discovered this gem.

Right now, the driver looks for the AA AA 03 SNAP header in the payload; if
it sees that, it clears the WEP bit.   It's not perfect, but it worked for
me.  :) 

If someone has instances of that not working, send me a packet dump and
I'll try to make the detection code a bit more robust.

 - Pizza
-- 
Solomon Peachy                        solomon@xxxxxxxxxxxxxx
AbsoluteValue Systems                 http://www.linux-wlan.com
715-D North Drive                     +1 (321) 259-0737  (office)
Melbourne, FL 32934                   +1 (321) 259-0286  (fax)
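
The SNAP-header check described in the message above, as an added example (not the linux-wlan driver's code and not part of the original post). It assumes pre-QoS data frames with a 24-byte header (30 bytes with four addresses); the function and sample names are hypothetical and the payloads are constructed, including one whose 3-byte WEP IV happens to equal AA AA 03, a case the check cannot tell apart from a decrypted frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FC1_TODS   0x01u   /* flags live in the second frame-control byte */
#define FC1_FROMDS 0x02u
#define FC1_WEP    0x40u
enum wep_fixup { NOT_APPLICABLE, LEFT_AS_ENCRYPTED, CLEARED_WEP_BIT };

/* Clear the WEP bit in place when the payload already starts with LLC/SNAP. */
enum wep_fixup fixup_wep_bit(uint8_t *frame, size_t len)
{
    static const uint8_t snap[3] = { 0xAA, 0xAA, 0x03 };
    size_t hdr = 24;                               /* 3-address data header */
    if (len < hdr || ((frame[0] >> 2) & 0x3) != 2) /* too short or not data */
        return NOT_APPLICABLE;
    if (!(frame[1] & FC1_WEP))                     /* nothing to fix up */
        return NOT_APPLICABLE;
    if ((frame[1] & (FC1_TODS | FC1_FROMDS)) == (FC1_TODS | FC1_FROMDS))
        hdr += 6;                                  /* WDS: fourth address */
    if (len < hdr + sizeof snap || memcmp(frame + hdr, snap, sizeof snap) != 0)
        return LEFT_AS_ENCRYPTED;                  /* IV + ciphertext follows */
    frame[1] &= (uint8_t)~FC1_WEP;
    return CLEARED_WEP_BIT;
}

/* Constructed payloads (not captured traffic). */
static const uint8_t SAMPLE_DECRYPTED[]    = { 0xAA,0xAA,0x03,0,0,0,0x08,0x00 };
static const uint8_t SAMPLE_ENCRYPTED[]    = { 0x01,0x02,0x03,0x00,0x5C,0x91,0x7E,0x20 };
static const uint8_t SAMPLE_IV_COLLISION[] = { 0xAA,0xAA,0x03,0x00,0x5C,0x91,0x7E,0x20 };

/* Wrap a payload in a data header with the WEP bit set, then run the check. */
enum wep_fixup fixup_sample(const uint8_t *payload, size_t n, int wds)
{
    uint8_t frame[64] = { 0x08, FC1_WEP };         /* type=data, WEP bit set */
    size_t hdr = wds ? 30 : 24;
    if (n > sizeof frame - hdr) return NOT_APPLICABLE;
    if (wds) frame[1] |= FC1_TODS | FC1_FROMDS;
    memcpy(frame + hdr, payload, n);
    return fixup_wep_bit(frame, hdr + n);
}

int main(void)
{
    printf("decrypted=%d encrypted=%d iv_collision=%d\n",
           fixup_sample(SAMPLE_DECRYPTED, sizeof SAMPLE_DECRYPTED, 0),
           fixup_sample(SAMPLE_ENCRYPTED, sizeof SAMPLE_ENCRYPTED, 0),
           fixup_sample(SAMPLE_IV_COLLISION, sizeof SAMPLE_IV_COLLISION, 0));
    return 0;
}
```

The IV-collision sample is reported as decrypted even though it is still ciphertext; for a uniformly chosen 24-bit IV that happens once in 2^24 frames.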


