Wireshark · Ethereal-dev: [Ethereal-dev] Re: [Ethereal-users] Capturing 802.11 mgmt packets in Windows??

[Guy Harris <gharris@xxxxxxxxx>]

On Sun, Apr 11, 2004 at 10:54:29PM -0700, MohanaSundaram wrote:
> I am interested in capturing 802.11 management frames
> in a windows PC. Is that Possible??

Yes, but you'll have to buy Sniffer Wireless or AiroPeek (which supply
their own drivers, which can put the card into monitor mode, unlike the
drives that come with Windows or with the wireless card, which don't
support that - those are the drivers that WinPcap-based applications
such as Ethereal use).

>  I can capture the same in My linux box!!

Some Linux drivers (and some BSD drivers) for various wireless cards, unlike
the standard Windows drivers for those cards, support monitor mode.

> In windows 2k with Proxim(Orinico) Card I am able to see the
> Packets.. but they are shown as ARP,UDP,etc.  not as
> IEEE 802.11. I had read the FAQ, which says it depends
> on the driver and the card.. 

If by "the FAQ" you mean the Ethereal FAQ, it also says

	Q 5.36: How can I capture raw 802.11 packets, including non-data
	(management, beacon) packets?

	A: That would require that your 802.11 interface run in the mode
	called "monitor mode" or "RFMON mode".  Not all operating
	systems support that and, even on operating systems that do
	support it, not all drivers, and thus not all cards, support it.

so it also depends on the OS, as well as the driver and the card.