Re: 802.11B and libpcap

[Robert van der Meulen <rvdm () cistron nl>]

Hi,

Quoting Frank Knobbe (FKnobbe () KnobbeITS com):
> what exactly is the different then between 'monitor' mode and
> promiscuous mode? I took a look at AirSnort, and it seems to be using
> raw sockets or something, but for sure not libpcap. Was that decision
> made just out of convenience? Couldn't AirSnort (or at least its
> packet acquisition piece) be re-written to use libpcap? Then it
> should work with other hacked drivers like the Cisco as well.
Note that i'm not a network/kernel programmer, so i'm just mentioning what i
seem to have read/found out in my search for a good network analyser for
802.11/linux.

As far as i know, monitor mode allows for monitoring of raw 802.11 traffic
without having identified/associated with an AP.
Promiscuous mode means 'capture all packets you recieve'; 'monitor mode'
means 'capture all 802.11 data you recieve'. 'all 802.11 data' means you
don't have to be associated with an AP, you recieve WEP encrypted traffic as
well (whereas if you're associated with an AP, you recieve only traffic
going over that access point, encrypted with the WEP key you've agreed on
with the AP (or no encryption at all).
With my Orinoco card, i can just find non-WEP AP's, as my card
associates with those as soon as i set my ESSID to an empty string.

Greets,
        Robert

-- 
                              Linux Generation
   encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
              "Cleveland?  Yes, I spent a week there one day."

Attachment: _bin
Description: