ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 12 Jun 2002 00:44:42 -0700
On Tue, Jun 11, 2002 at 01:41:06PM -0400, an ethereal user wrote:
> > You said you were running FreeBSD 4.5 you need to upgrade to FreeBSD-
> stable
> > or 4.6 when it comes out.  You need this fix:
> >   MFC:  LEAP, support for Linux "acu" private ioctls, fix 802.11 RFMON
> >         gap problem, support for Home key, add support for multiple
> >         SSIDs via ifmedia and some minor bug fixes, install header 
> files in
> >         /usr/include/dev/an and in general sync with -current.
> >
> 
> I installed 4.6-RC2, and now I'm seeing higher-level protocol info :)
> 
> BUT!
> 
> Now 802.11 beacons are mangled.  Kismet now reports all networks as <no 
> ssid> and Ethereal says "Malformed Packet"  
> Check out http://www.severus.org/wifi-caps/sample 

Well, the first frame in that capture *does* look malformed - there's an
information element at the end that, at least as I read 802.11-1999, is
a TIM element, and the octet following the octet with the value 5
(meaning TIM) has the value 4, meaning 4 bytes of information following
the element ID and the length, but there are only 2 bytes of information
following the length.

It could be that the driver isn't properly handling those frames, or
that the network card isn't correctly supplying them to the host, or
that whatever device sent the frame is mangling them.

Doug, any ideas?

> I'm not going to worry too much about this until 4.6 is oficially 
> released.  Does anyone know if monitor mode is ever going to be 
> natively supported by OpenBSD?  Can the FreeBSD driver/ancontrol be 
> ported?

It probably could be ported, but I don't know what plans there are.

Bill Studenmund of NetBSD has mentioned some 802.11 BPF issues in a
discussion on a NetBSD list that got forwarded to the tcpdump-workers
mailing list; perhaps the {Free,Net,Open}BSD people - and the Darwin
people, considering at least one company selling computers with a
Darwin-based OS (the fruit-flavored company in Cupertino, California,
USA) certainly touts the wireless networking capabilities of their
machines - should discuss this in common.  (Bill, would that be
something that should be discussed on the bsd-api mailing list?)
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube