Subject: Re: 1.5Q: tcpdump vs. wi0?
To: John Hawkinson <jhawk@mit.edu>
From: Rafal Boni <rafal@mediaone.net>
List: current-users
Date: 01/04/2001 08:15:50
In message <200101040403.XAA20046@multics.mit.edu>, you write: 

-> In message <14931.49288.856554.419494@taulu.hel.fi.ssh.com>, Tero Kivinen writes:
-> ...
-> >So immediately when I start tcpdump I will see duplicate packets
-> >coming to me. I have interpreted this so that when I turn on
-> >promiscuous mode I see both the x46 sending packet to base station and
-> >the base station sending it back to me, thus I see two packets instead
-> >of only one.

Hmm.  Interesting.  I see the opposite... When I start up tcpdump I start 
losing outgoing packets (so I see the echo replies locally but not on the
wired end being pinged).

[...]
-> At some point in the past the wi driver put the incorrect MAC addresses
-> in the faked up ethernet header, and you might have seen the airport's
-> MAC address on a packet received from (or to) the airport...
-> 
-> I suppose this is incentive to try to get the 802.11 tcpdump support
-> working...I started to do this and got lame.

Though it would require changes to the 802.11 drivers (which currently 
seem to only generate the encapsulating 802.11 frame to pass down to the
hardware), this is probably a Very Good Thing.  Are the 802.11 specs
available freely, or did you have to buy 'em?

I had the same thought yesterday as I tried to figure out what was going
on....

--rafal

----
Rafal Boni                                                  rafal@mediaone.net
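
Added example, not part of the original message and not code from the NetBSD wi driver: a sketch of how a "faked up" Ethernet dst/src pair can be derived from a 3-address 802.11 data header using the standard ToDS/FromDS address layout. It shows that a frame sent up to a base station and the base station's relayed copy decode to the same dst/src, which is how one packet can appear twice in a promiscuous capture. The struct and function names and the sample MAC addresses are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FC1_TO_DS   0x01    /* flag bits in the second frame-control byte */
#define FC1_FROM_DS 0x02

struct dot11_hdr {          /* 3-address 802.11 data header */
    uint8_t fc[2], dur[2], addr1[6], addr2[6], addr3[6], seq[2];
};
struct ether_pair { uint8_t dst[6], src[6]; };

/* Fill e from h; returns -1 for 4-address (WDS) frames, which this skips. */
int dot11_to_ether(const struct dot11_hdr *h, struct ether_pair *e)
{
    const uint8_t *da, *sa;
    switch (h->fc[1] & (FC1_TO_DS | FC1_FROM_DS)) {
    case 0:           da = h->addr1; sa = h->addr2; break; /* addr3 = BSSID */
    case FC1_TO_DS:   da = h->addr3; sa = h->addr2; break; /* addr1 = BSSID */
    case FC1_FROM_DS: da = h->addr1; sa = h->addr3; break; /* addr2 = BSSID */
    default:          return -1;
    }
    memcpy(e->dst, da, 6);
    memcpy(e->src, sa, 6);
    return 0;
}

/* Constructed sample: station X sends to station Y through base station B. */
static const uint8_t X[6] = {0x02,0,0,0,0,0x01}, Y[6] = {0x02,0,0,0,0,0x02},
                     B[6] = {0x02,0,0,0,0,0xbb};

static struct dot11_hdr mk(uint8_t flags, const uint8_t *a1,
                           const uint8_t *a2, const uint8_t *a3)
{
    struct dot11_hdr h = { .fc = {0x08, flags} };   /* 0x08 = data frame */
    memcpy(h.addr1, a1, 6); memcpy(h.addr2, a2, 6); memcpy(h.addr3, a3, 6);
    return h;
}

/* 1 if the uplink frame and its relayed copy decode to the same dst/src. */
int relay_looks_duplicate(void)
{
    struct dot11_hdr up = mk(FC1_TO_DS, B, X, Y), down = mk(FC1_FROM_DS, Y, B, X);
    struct ether_pair a, b;
    if (dot11_to_ether(&up, &a) || dot11_to_ether(&down, &b)) return 0;
    return memcmp(&a, &b, sizeof a) == 0 && memcmp(a.dst, Y, 6) == 0;
}

int main(void) { printf("duplicate=%d\n", relay_looks_duplicate()); return 0; }
```

A translation that copies addr1/addr2 straight into dst/src without checking the DS bits would instead put the base station's address (B here) into the Ethernet header.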