On Mar 14, 2008, at 10:20 AM, Guy Harris wrote:
> On Windows prior to Windows Vista, that's how *all* the drivers
> work, as
> far as I know; the networking stack doesn't handle 802.11 headers. In
> Windows Vista, the networking stack can handle 802.11 headers, but not
> all drivers have been changed to work with the "Native 802.11"
> mechanism
> - and, even for those that have, WinPcap doesn't put the adapter into
> monitor mode, so they won't supply 802.11 headers.
>
> So if you've captured on Windows with a WinPcap-based application,
> such
> as WinDump or Wireshark, you won't have an 802.11 capture.
Another option on Windows is to buy an AirPcap adapter:
http://www.cacetech.com/products/airpcap_family.htm
and use that with Wireshark. It, in effect, always runs in monitor
mode (it can't be used as a regular 802.11 adapter), and will,
presumably, be able to capture the traffic that your machine's regular
802.11 adapter sends and receives.
It's not an inexpensive option, however; the least expensive adapter
(802.11b/802.11g) costs USD 198.00.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
