
Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Rick Farina" <sidhayn@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 9 Jun 2002 00:18:09 -0400

As a fellow stumbler who wonders the same:

The solution I have convinced myself of is that any packet with the 802.11
header and obvious tcp/ip data is called LLC unless it can be further
decoded.  Assume that since it's a wireless connection, you aren't getting
the strongest signal and are losing parts of the packet.  So it only shows
as LLC.  Mind you, I have NO idea if this even resembles something possible,
let alone probable.  Like I said, I merely convinced myself that was the
cause.

In response to Joe:

Is that what you see?  What kind of APs are you sniffing that you see
encrypted data as LLC?  I know that Cisco shows as "IEEE 802.11 Data" for
me.

-Rick Farina

----- Original Message -----
From: "an ethereal user" <ethereal@xxxxxxxxxxx>
To: <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, June 07, 2002 10:08
Subject: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?


Howdy all...

I have installed FreeBSD 4.5 on an old Compaq Armada for use as a
wireless sniffer.  I've been able to get my Cisco Aironet LMC352 into
monitor mode, ethereal 0.9.4 seems to talk to it, and I've also been
able to "stumble" with Kismet.

The problem:  Ethereal doesn't decode the data packets properly.  All
packets that are not beacons or probes show up as "LLC" protocol
packets.  I've sniffed a web session from my other laptop and I saw the
URL and HTML in these "LLC" packets, so I know that my sniffer is
seeing 3rd party traffic, but I'd like to be able to see the high-level
protocol (IP, TCP) info, not just raw strings.

(for the record)
# ethereal -v
ethereal 0.9.4, with GTK+ 1.2.10, with GLib 1.2.10, with libpcap 0.7,
with libz 1.1.3, with UCD SNMP 4.2.5

Card type: Cisco LMC352
Hardware revision: 00:22
Firmware: 04:23

If anyone else out there in TV land has had similar experiences, I'd
like to trade info.

