Hi I am also facing the similar problem and am thinking of using the TZSP for the encapsulation on windows.
I would be grateful if you could send me a sample tzsp dump so that I could use it while I am writing the code for encapsulating the raw 802.11 packets in tazman sniffer protocol. using the online help, as well as going through the source code enabled me to have some understanding of the encapsulating protocol, but it would be really beneficial, if I could have a few packets of actual dumps instead of the simulated ones. Thanks and Regards Ankur On 5/2/05, Guy Harris <[EMAIL PROTECTED]> wrote: > sadhiya a wrote: > > > can we sniff wireless packets with winpcap. > > In some circumstances. Windows is *very* unhelpful here, as it doesn't > provide standard OIDs for putting cards into monitor mode or provide a > way for an NDIS driver to supply packets with 802.11 headers to the > networking stack, so driver vendors don't provide those capabilities. > > > if so how > > do we interpret the packets for information like what > > sort of packet it is ..management,data..., > > In general, the way you determine whether the packet is a data or > non-data packet is "if you capture the packet, it's a data packet", > because Windows drivers either don't configure the adapter to supply > non-data packets (assuming the adapter can even be configured to do so) > or discard the packets if the driver supplies them. > > Somebody using Ethereal appears to have discovered that some Centrino > adapters appear to supply non-data frames (in promiscuous mode?) In > Windows, 802.11 driver supply packets with fake Ethernet headers; the > Centrino adapter/driver supplies the non-data packets with a fake > Ethernet type value of 0x2452 and with the raw contents of the 802.11 > frame (complete with 802.11 header) in the payload of the Ethernet > packet (i.e., fake Ethernet header followed by real 802.11 header > followed by 802.11 data). I have never seen that, because I don't have > any Windows machines with Centrino adapters, so I can't give any more > details. > > > source add,destination address. > > The source and destination address will appear in the fake Ethernet header. > > > I am new to programming and > > have no idea how to do it.i am to develop a monitoring > > tool for wireless lans.someone please do help me out. > > Well, the first bit of help I'd offer is "try using Linux or one of the > BSDs"; they're a lot more friendly towards applications trying to do > monitoring of 802.11 traffic. > > > ================================================================== > This is the WinPcap users list. It is archived at > http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ > > To unsubscribe use > mailto: [EMAIL PROTECTED] > ================================================================== > ================================================================= This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] =================================================================
