On Wed, May 26, 2004 at 08:56:07AM -0700, Chris Waters wrote:
> If you are using Ethereal under Linux then Ethereal can do it directly and
> there are instructions in the FAQ:
>
> http://www.ethereal.com/faq.html#q5.36
FreeBSD supports it as well (and NetBSD 2.0 will probably do so, too),
at least for some interfaces. (FreeBSD 5.2 supports it for more
interfaces; hopefully the mechanism used by the 5.2 Prism II/Orinoco
driver ("wi") and, I think, the Atheros driver will eventually be
supported by other drivers such as the Aironet driver. As long as I'm
making wishes, it'd be nice if the *Linux* Aironet driver started
working the way I infer from the Kismet documentation that at least some
of the other Linux drivers work....)
> If you are using Windows then there is no way to capture raw 802.11 frames
> directly into Ethereal, however you can use external capture hardware, such
> as the Network Chemistry Neutrino Sensors:
>
> http://www.networkchemistry.com/solutions/package1.php
Is TZSP documented? If so, at some point I hope to add to libpcap the
ability to add support for multiple remote capture protocols, such as
the Politecnico di Torino folks' "rpcap" protocol, and it might be
useful to add TZSP as well, so that you could capture on
"tzsp://{host}/{device}".
That way, at least if no authentication is needed to connect to the
remote capture device and no options need be specified when connecting,
applications using {libp,WinP}cap would just have to be relinked with
the new libpcap in order to capture on Neutrino sniffers (and if they're
dynamically linked with {libp,WinP}cap, you might just have to install a
new version) - and, if necessary, they could be modified to use
"pcap_open()" or another new API if authentication or other special
options are needed.
