hce wrote:
On Dec 5, 2007 2:41 PM, hce <webmail.hce@xxxxxxxxx> wrote:
My applology, the wireshark-0.99.6 is running on linux FC6. And it is
just capturing wifi data on its wifi port (will be required to capture
all other traffic as well).
I.e., it's only capturing data frames, not management frames?
To capture management frames, you'll have to put the adapter into
monitor mode.
See
http://wiki.wireshark.org/CaptureSetup/WLAN#head-bb8373ef4903fe9da2b8375331726541fb1ad32d
for information on putting the adapter into monitor mode.
The libpcap version I used is libpcap-0.9.4-11.fc6.i386.rpm. How can I
check whether this version supports 802.11 or not?
0.9.4 supports 802.11.
I configured with Link-layer header type: Ethernet (it can only select
either Ethnernet or Data Over Cable Service Interface) and with
Capture packets in promiscuous mode (I tried to turn promiscuous mode
off, not work either). The frame only include IEEE 802.3 Ethnernet.
Linux drivers that support monitor mode generally only provide 802.11
headers in monitor mode.
I checked to the document, it says "This would probably require that
you capture in promiscuous mode or in the mode called "monitor mode"
or "RFMON mode". Where can I found monitor mode or RFMON mode in
Capture Option?
It's not in the (current) Capture Options dialog. It might get added at
some point, for at least some adapters on Linux
({Free,Net,Open,DragonFly}BSD handle monitor mode a bit more cleanly).
Therefore, you'll have to turn monitor mode on from the command line;
see the link above for information on how to do that, at least for some
adapters; what type of 802.11 adapter do you have on your machine?
