Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "an ethereal user" <ethereal@xxxxxxxxxxx>
Date: Fri, 7 Jun 2002 16:12:37 -0400
I'm actually looking at both WEP and non-WEP traffic during my tests.  In
this case, though, I'm dealing with non-WEP.  Like I said, I can see the
strings in the data dump, but ethereal misinterprets the info.

My first guess is that the firmware is not current/old enough.  I've got
several different versions to test this weekend.  I'll post my results
later...

----- Original Message -----
From: "Joe Tomasone" <joe@xxxxxxxx>
To: "an ethereal user" <ethereal@xxxxxxxxxxx>; <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, June 07, 2002 2:11 PM
Subject: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?


>
> Is the AP using WEP?  WEP frames will show as LLC frames due to the fact
> that the AP manufacturers all violate the spec and do not tag WEP encrypted
> frames with the proper privacy bit.
>
>
>          - Joe
>
>
>
> At 10:08 AM 6/7/2002, you wrote:
> >Howdy all...
> >
> >I have installed FreeBSD 4.5 on an old Compaq Armada for use as a
> >wireless sniffer.  I've been able to get my Cisco Aironet LMC352 into
> >monitor mode, ethereal 0.9.4 seems to talk to it, and I've also been
> >able to "stumble" with Kismet.
> >
> >The problem:  Ethereal doesn't decode the data packets properly.  All
> >packets that are not beacons or probes show up as "LLC" protocol
> >packets.  I've sniffed a web session from my other laptop and I saw the
> >URL and HTML in these "LLC" packets, so I know that my sniffer is
> >seeing 3rd party traffic, but I'd like to be able to see the high-level
> >protocol (IP, TCP) info, not just raw strings.
> >
> >(for the record)
> ># ethereal -v
> >ethereal 0.9.4, with GTK+ 1.2.10, with GLib 1.2.10, with libpcap 0.7,
> >with libz 1.1.3, with UCD SNMP 4.2.5
> >
> >Card type: Cisco LMC352
> >Hardware revision: 00:22
> >Firmware: 04:23
> >
> >If anyone else out there in TV land has had similar experiences, I'd
> >like to trade info.
>
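
Added example, not part of the original thread and not Ethereal's own code: a check of the two things discussed above, the privacy (Protected Frame) bit in the Frame Control field and whether a data frame's body really begins with an LLC/SNAP header. The sample frames are constructed, and the function assumes raw 802.11 frames with no capture pseudo-header and no FCS.

```python
import struct

PROTECTED = 0x40                # Protected Frame ("WEP") flag, Frame Control byte 1
SNAP = bytes.fromhex("aaaa03")  # DSAP, SSAP, control that open an LLC/SNAP header

def classify(frame: bytes) -> dict:
    """Classify a raw 802.11 frame (no capture pseudo-header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 header")
    ftype, subtype, flags = (frame[0] >> 2) & 0x3, frame[0] >> 4, frame[1]
    result = {"protected": bool(flags & PROTECTED), "ethertype": None}
    if ftype != 2:
        return {**result, "verdict": "not a data frame"}
    if subtype & 0x4:           # Null / CF no-data subtypes carry no payload
        return {**result, "verdict": "data subtype without a body"}
    hdr_len = 24
    if (flags & 0x03) == 0x03:  # ToDS + FromDS: a fourth address follows
        hdr_len += 6
    if subtype & 0x8:           # QoS data: 2-byte QoS Control field
        hdr_len += 2
    body = frame[hdr_len:]
    if result["protected"]:
        verdict = "encrypted and flagged"
    elif body[:3] == SNAP and len(body) >= 8:
        result["ethertype"] = struct.unpack("!H", body[6:8])[0]
        verdict = "cleartext LLC/SNAP"
    else:
        # A dissector keyed only on the flag would still decode this as LLC.
        verdict = "unflagged body is not LLC/SNAP"
    return {**result, "verdict": verdict}

def _hdr(fc0: int, flags: int) -> bytes:
    # Constructed header: duration, three placeholder addresses, sequence control
    return bytes([fc0, flags]) + b"\x00\x00" + b"\x02" * 18 + b"\x00\x00"

# Constructed bodies: SNAP with OUI 00:00:00 and EtherType 0x0800, then a WEP-style IV + key ID + filler
SNAP_IPV4 = SNAP + b"\x00\x00\x00\x08\x00" + b"\x45\x00"
WEP_BODY = bytes.fromhex("1a2b3c00") + bytes(range(16))
SAMPLES = {
    "clear": _hdr(0x08, 0x01) + SNAP_IPV4,
    "wep_flagged": _hdr(0x08, 0x41) + WEP_BODY,
    "wep_unflagged": _hdr(0x08, 0x01) + WEP_BODY,
    "beacon": _hdr(0x80, 0x00),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame))
```

A run of frames reported as "unflagged body is not LLC/SNAP" points either to encrypted traffic sent without the privacy bit or to a header offset the capture path got wrong.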