Wireshark · Ethereal-users: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?

[Solomon Peachy <solomon@xxxxxxxxxxxxxx>]

On Fri, Jun 14, 2002 at 12:03:51AM -0700, Guy Harris wrote:
> It appears that the Aironet card de-WEP's the packets but *doesn't*
> strip out the WEP IV+ICV:

Ugh.  Now that's annoying.  

Of course, now that the dissector handles WEP for us (or it will once I
finish [re|un]-mangling my patch to your standards) the capturer could
just leave WEP turned off during the capture.

Of course, if we try to de-wep the already de-wepped data, the decode will
fail and it'll be left alone.  Since there's no way of telling
already-dewepped data from a failed decode, we have to make a decision
whether or not to treat the resultant stuff as raw data, or try and
dissect it further.  

> Does the driver know when the card is set to de-WEP the packets?  If it
> does, and the card is set to de-WEP the packets, are *all* incoming
> packets de-WEPed?

Now I'm talking about the linux-wlan-ng driver here; the aironet cards use
a different driver.   But to answer your question, the driver knows, and
de-weps everything it can; but it's quite possible for it to get packets
that it doesn't know how to decrypt, which it then passes down
undecrypted.

 - Pizza
-- 
Solomon Peachy                        solomon@xxxxxxxxxxxxxx
AbsoluteValue Systems                 http://www.linux-wlan.com
715-D North Drive                     +1 (321) 259-0737  (office)
Melbourne, FL 32934                   +1 (321) 259-0286  (fax)

Attachment: pgpme_2OaYM9J.pgp
Description: PGP signature