sadhiya a wrote:

> can we sniff wireless packets with winpcap.

In some circumstances. Windows is *very* unhelpful here, as it doesn't provide standard OIDs for putting cards into monitor mode or provide a way for an NDIS driver to supply packets with 802.11 headers to the networking stack, so driver vendors don't provide those capabilities.


> if so how
> do we interpret the packets for information like what
> sort of packet it is ..management,data...,

In general, the way you determine whether the packet is a data or non-data packet is "if you capture the packet, it's a data packet", because Windows drivers either don't configure the adapter to supply non-data packets (assuming the adapter can even be configured to do so) or discard the packets if the driver supplies them.


Somebody using Ethereal appears to have discovered that some Centrino adapters appear to supply non-data frames (in promiscuous mode?). In Windows, 802.11 drivers supply packets with fake Ethernet headers; the Centrino adapter/driver supplies the non-data packets with a fake Ethernet type value of 0x2452 and with the raw contents of the 802.11 frame (complete with 802.11 header) in the payload of the Ethernet packet (i.e., fake Ethernet header followed by real 802.11 header followed by 802.11 data). I have never seen that, because I don't have any Windows machines with Centrino adapters, so I can't give any more details.

> source add,destination address.

The source and destination address will appear in the fake Ethernet header.

> I am new to programming and
> have no idea how to do it. I am to develop a monitoring
> tool for wireless LANs. Someone please do help me out.

Well, the first bit of help I'd offer is "try using Linux or one of the BSDs"; they're a lot more friendly towards applications trying to do monitoring of 802.11 traffic.
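
An added example, not part of the original message or of WinPcap: a C classifier for a packet buffer as a pcap callback would deliver it, following the layout described above (fake Ethernet header, with type 0x2452 marking a raw 802.11 frame in the payload). The names `classify_frame` and `frame_info` are hypothetical, the sample packets are constructed, and the 0x2452 layout is taken from the report in the message, which its author had not verified.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14              /* assumption: standard 14-byte Ethernet header */
#define ETHERTYPE_RAW_80211 0x2452  /* fake type value reported in the message */

enum frame_kind { KIND_TRUNCATED = -1, KIND_MGMT, KIND_CTRL, KIND_DATA, KIND_RESERVED };

struct frame_info { enum frame_kind kind; int raw_80211; uint8_t subtype, dst[6], src[6]; };

/* Constructed samples: a beacon behind the fake 0x2452 header, and an ordinary IPv4 packet. */
static const uint8_t sample_beacon[] = { 0xff,0xff,0xff,0xff,0xff,0xff,
    0x00,0x11,0x22,0x33,0x44,0x55, 0x24,0x52, 0x80,0x00, 0x00,0x00 };
static const uint8_t sample_ip[] = { 0x00,0x11,0x22,0x33,0x44,0x55,
    0x00,0xaa,0xbb,0xcc,0xdd,0xee, 0x08,0x00, 0x45,0x00 };

/* Returns 0 and fills *out, or -1 if the capture is too short to classify. */
int classify_frame(const uint8_t *pkt, size_t caplen, struct frame_info *out)
{
    memset(out, 0, sizeof *out);
    out->kind = KIND_TRUNCATED;
    if (caplen < ETH_HDR_LEN)
        return -1;
    memcpy(out->dst, pkt, 6);       /* addresses come from the fake Ethernet header */
    memcpy(out->src, pkt + 6, 6);
    uint16_t ethertype = (uint16_t)((pkt[12] << 8) | pkt[13]);
    if (ethertype != ETHERTYPE_RAW_80211) {
        out->kind = KIND_DATA;      /* "if you capture the packet, it's a data packet" */
        return 0;
    }
    if (caplen - ETH_HDR_LEN < 2)   /* need the 2-byte 802.11 frame control field */
        return -1;
    const uint8_t *dot11 = pkt + ETH_HDR_LEN;
    out->raw_80211 = 1;
    out->kind = (enum frame_kind)((dot11[0] >> 2) & 0x3);  /* type: bits 2-3 */
    out->subtype = (dot11[0] >> 4) & 0xF;                  /* subtype: bits 4-7 */
    return 0;
}

int main(void)
{
    struct frame_info fi;
    if (classify_frame(sample_beacon, sizeof sample_beacon, &fi) == 0)
        printf("kind=%d subtype=%u raw=%d\n", fi.kind, (unsigned)fi.subtype, fi.raw_80211);
    if (classify_frame(sample_ip, sizeof sample_ip, &fi) == 0)
        printf("kind=%d subtype=%u raw=%d\n", fi.kind, (unsigned)fi.subtype, fi.raw_80211);
    return 0;
}
```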



This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
