Ethereal-users: Re: [Ethereal-users] about the 802.11 protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 14 Jun 2002 09:49:22 -0700
On Fri, Jun 14, 2002 at 05:40:04PM +0800, Evelyn Tan wrote:
> I know that Ethereal is able to capture and analyze the 802.11
> protocol,

It is able to do so on *some* 802.11 devices on *some* versions of
*some* operating systems with *some* versions of the drivers for those
802.11 devices:

	http://www.ethereal.com/faq.html#q4.21

> but I wonder how it works.  Does WinPCap provide the API to
> do so,

Ethereal uses libpcap to do packet capture; WinPcap is the version of
libpcap for Windows, so that's the library it uses on Windows.

Unfortunately, Windows OT (95, 98, ME) and Windows NT (NT 4.0, NT 5.0
a/k/a Windows 2000, NT 5.1 a/k/a Windows XP and Windows .NET Server) are
*not* operating systems on which Ethereal can capture the 802.11
protocol.

The analysis of the packets is done by code in Ethereal itself, not by
code in libpcap/WinPcap.

> For your information, I am currently working on a research area that
> is related to this wireless packet capture.  And I have hardly found
> any tools or drivers that work on win32.

WinPcap doesn't support capturing raw 802.11 packets, because the
Windows drivers for wireless cards don't support it.  The commercial
802.11 sniffers for Windows supply their own drivers; however, neither
the developers of WinPcap nor we have the time to develop *and* support
replacement drivers for 802.11 devices for Windows.

If you want to capture raw 802.11 packets, you will either need to

	1) install Linux or FreeBSD on a machine, get one of the cards
	   for which the Linux or FreeBSD drivers support raw 802.11
	   packet capture, and do the capturing with that machine

or

	2) buy a commercial 802.11 sniffer for Windows (AiroPeek or
	   AiroPeek NX from WildPackets:

		http://www.wildpackets.com/

	   and Wireless Sniffer from Network Associates:

		http://www.sniffer.com/

	   are some of the commercial 802.11 sniffers for Windows)
	   *and*, if necessary, get one of the cards that sniffer's
	   driver supports.
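
One way to check whether a saved capture really holds raw 802.11 frames, as an added example that is not part of the original message: it reads the link-layer type from the header of a classic pcap file, the format libpcap writes. The function names `inspect_pcap` and `make_pcap` and the sample frames are constructed for this illustration.

```python
import struct

# LINKTYPE_ values (tcpdump.org registry): value -> (name, has raw 802.11 header)
LINKTYPES = {
    1: ("ETHERNET", False),
    105: ("IEEE802_11", True),            # bare 802.11 header
    119: ("IEEE802_11_PRISM", True),      # Prism header, then 802.11
    127: ("IEEE802_11_RADIOTAP", True),   # radiotap header, then 802.11
    163: ("IEEE802_11_AVS", True),        # AVS header, then 802.11
}
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

def inspect_pcap(data: bytes) -> dict:
    """Return the link-layer type of a classic pcap file and, for bare
    802.11 captures, the (type, subtype) of the first frame."""
    if len(data) < 24:
        raise ValueError("too short for a pcap file header")
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"          # written on a little-endian host
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    # After the magic: version major/minor, thiszone, sigfigs, snaplen, linktype
    network = struct.unpack(endian + "HHiIII", data[4:24])[5]
    linktype = network & 0xFFFF   # upper bits may carry FCS-length flags
    name, raw = LINKTYPES.get(linktype, ("OTHER", False))
    result = {"linktype": linktype, "name": name, "raw_80211": raw}
    if linktype == 105 and len(data) >= 42:
        # Record header (16 bytes): ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", data[32:36])[0]
        if incl_len >= 2:
            fc0 = data[40]    # first Frame Control octet
            result["first_frame"] = (FRAME_TYPES.get((fc0 >> 2) & 3, "reserved"), fc0 >> 4)
    return result

def make_pcap(linktype: int, frame: bytes, endian: str = "<") -> bytes:
    """Build a one-packet pcap file in memory (constructed sample data)."""
    header = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    record = struct.pack(endian + "IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

# Constructed frames: a 24-byte 802.11 beacon header and a minimal Ethernet frame
BEACON = bytes.fromhex("80000000") + b"\xff" * 6 + bytes(14)
ETHER = b"\xff" * 6 + bytes(6) + b"\x08\x00" + bytes(46)

if __name__ == "__main__":
    print(inspect_pcap(make_pcap(105, BEACON)))
    print(inspect_pcap(make_pcap(1, ETHER)))
```

A link-layer type of 1 means the file holds Ethernet frames, so no 802.11 headers are available for analysis regardless of what the analyzer can dissect.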