Re: [WinPcap-users] someone help me please

2005-05-02 Thread Guy Harris
sadhiya a wrote:

> can we sniff wireless packets with winpcap.

In some circumstances.  Windows is *very* unhelpful here, as it doesn't 
provide standard OIDs for putting cards into monitor mode or provide a 
way for an NDIS driver to supply packets with 802.11 headers to the 
networking stack, so driver vendors don't provide those capabilities.

> if so how
> do we interpret the packets for information like what
> sort of packet it is ..management,data...,

In general, the way you determine whether the packet is a data or 
non-data packet is if you capture the packet, it's a data packet, 
because Windows drivers either don't configure the adapter to supply 
non-data packets (assuming the adapter can even be configured to do so) 
or discard the packets if the driver supplies them.

Somebody using Ethereal appears to have discovered that some Centrino 
adapters appear to supply non-data frames (in promiscuous mode?)  In 
Windows, 802.11 drivers supply packets with fake Ethernet headers; the 
Centrino adapter/driver supplies the non-data packets with a fake 
Ethernet type value of 0x2452 and with the raw contents of the 802.11 
frame (complete with 802.11 header) in the payload of the Ethernet 
packet (i.e., fake Ethernet header followed by real 802.11 header 
followed by 802.11 data).  I have never seen that, because I don't have 
any Windows machines with Centrino adapters, so I can't give any more 
details.

> source add,destination address.

The source and destination address will appear in the fake Ethernet header.

> I am new to programming and
> have no idea how to do it. I am to develop a monitoring
> tool for wireless lans. Someone please do help me out.

Well, the first bit of help I'd offer is try using Linux or one of the 
BSDs; they're a lot more friendly towards applications trying to do 
monitoring of 802.11 traffic.

==
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use 
mailto: [EMAIL PROTECTED]
==
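
The frame layout described in the message above, as an added example that is not part of the original post or of WinPcap: it classifies one captured frame by checking for the fake Ethernet type 0x2452 and then reading the 802.11 frame-control octet. The function and type names are hypothetical, the sample frames are constructed, and it assumes the 802.11 header starts immediately after the 14-byte fake Ethernet header.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14
#define ETHERTYPE_RAW_80211 0x2452   /* fake type value quoted in the message */

enum wl_kind { WL_TRUNCATED, WL_ETHERNET, WL_MGMT, WL_CTRL, WL_DATA, WL_UNKNOWN };

struct wl_info {
    uint8_t dst[6], src[6];   /* addresses from the fake Ethernet header */
    uint8_t subtype;          /* 802.11 subtype; 0 unless a raw 802.11 frame */
};

/* Classify one captured frame; never reads past len. */
enum wl_kind wl_classify(const uint8_t *p, size_t len, struct wl_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < ETH_HDR_LEN) return WL_TRUNCATED;
    memcpy(out->dst, p, 6);
    memcpy(out->src, p + 6, 6);
    if ((uint16_t)((p[12] << 8) | p[13]) != ETHERTYPE_RAW_80211)
        return WL_ETHERNET;                /* ordinary frame: treat as data */
    if (len < ETH_HDR_LEN + 2) return WL_TRUNCATED;  /* no frame control */
    uint8_t fc0 = p[ETH_HDR_LEN];          /* first frame-control octet */
    if (fc0 & 0x03) return WL_UNKNOWN;     /* protocol version must be 0 */
    out->subtype = fc0 >> 4;
    switch ((fc0 >> 2) & 0x03) {
    case 0:  return WL_MGMT;
    case 1:  return WL_CTRL;
    case 2:  return WL_DATA;
    default: return WL_UNKNOWN;
    }
}

/* Constructed samples (not captured traffic): wrapped beacon, plain IPv4 frame. */
const uint8_t sample_beacon[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01, 0x24,0x52,
    0x80,0x00, 0x00,0x00 };   /* frame control 0x0080 = mgmt/beacon, duration */
const uint8_t sample_ipv4[] = {
    0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00, 0x45 };

int main(void)
{
    static const char *names[] = { "truncated", "ethernet", "mgmt", "ctrl", "data", "unknown" };
    struct wl_info i;
    enum wl_kind k = wl_classify(sample_beacon, sizeof sample_beacon, &i);
    printf("%s subtype=%u\n", names[k], (unsigned)i.subtype);
    printf("%s\n", names[wl_classify(sample_ipv4, sizeof sample_ipv4, &i)]);
    return 0;
}
```

In a WinPcap program the same function would be called on the packet bytes and captured length handed to the capture callback.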


Re: [WinPcap-users] someone help me please

2005-05-02 Thread Ankur Aggarwal
Hi

I am also facing a similar problem and am thinking of using TZSP
for the encapsulation on Windows.

I would be grateful if you could send me a sample TZSP dump so that I
could use it while I am writing the code for encapsulating the raw
802.11 packets in the TaZmen Sniffer Protocol.

Using the online help, as well as going through the source code,
enabled me to have some understanding of the encapsulating protocol,
but it would be really beneficial if I could have a few packets of
actual dumps instead of the simulated ones.

Thanks and Regards
Ankur


On 5/2/05, Guy Harris [EMAIL PROTECTED] wrote:
> sadhiya a wrote:
>
> > can we sniff wireless packets with winpcap.
>
> In some circumstances.  Windows is *very* unhelpful here, as it doesn't
> provide standard OIDs for putting cards into monitor mode or provide a
> way for an NDIS driver to supply packets with 802.11 headers to the
> networking stack, so driver vendors don't provide those capabilities.
>
> > if so how
> > do we interpret the packets for information like what
> > sort of packet it is ..management,data...,
>
> In general, the way you determine whether the packet is a data or
> non-data packet is if you capture the packet, it's a data packet,
> because Windows drivers either don't configure the adapter to supply
> non-data packets (assuming the adapter can even be configured to do so)
> or discard the packets if the driver supplies them.
>
> Somebody using Ethereal appears to have discovered that some Centrino
> adapters appear to supply non-data frames (in promiscuous mode?)  In
> Windows, 802.11 drivers supply packets with fake Ethernet headers; the
> Centrino adapter/driver supplies the non-data packets with a fake
> Ethernet type value of 0x2452 and with the raw contents of the 802.11
> frame (complete with 802.11 header) in the payload of the Ethernet
> packet (i.e., fake Ethernet header followed by real 802.11 header
> followed by 802.11 data).  I have never seen that, because I don't have
> any Windows machines with Centrino adapters, so I can't give any more
> details.
>
> > source add,destination address.
>
> The source and destination address will appear in the fake Ethernet header.
>
> > I am new to programming and
> > have no idea how to do it. I am to develop a monitoring
> > tool for wireless lans. Someone please do help me out.
>
> Well, the first bit of help I'd offer is try using Linux or one of the
> BSDs; they're a lot more friendly towards applications trying to do
> monitoring of 802.11 traffic.
 

[WinPcap-users] someone help me please

2005-05-01 Thread sadhiya a
Hi all,
can we sniff wireless packets with winpcap. If so, how
do we interpret the packets for information like what
sort of packet it is ..management, data..., source
add, destination address. I am new to programming and
have no idea how to do it. I am to develop a monitoring
tool for wireless lans. Someone please do help me out.
with regards,
sadhiya
