>> dude.  that's really kewl.  so...you "trick" the card into sending a
>> "probe request", and the card itself records the responses for a short
>> period of time?  or do you have to poll the card frequently?
>
>I have an ioctl that tells the card how frequently to send out a
>probe request, and I have an ioctl to fetch the last poll results
>from the card.

that makes sense.  okay, the card stores the probe responses it gets
for some period of time.  uh...do you know how long?  just out of
curiosity?

>> what criterion are you using for putting names like "flame.org" in
>> there?
>
>That's the SSID, which is common for a service group.  It's
>transmitted in the beacon packet.

right.  i keep getting confused.  there's SSID (aka the nwid), BSSID
(which seems to correspond to the 802.11 hardware address of the
access point), and name (which i don't think i've ever used).

>The access point name itself is a different beast, and has to be
>probed for, so of course one can only probe for access points you
>have the WEP key for, or which have WEP disabled.

that makes sense.  i'm skimming over data i've gotten from netstumbler
and none of the ones that report CAPFLAGS_PRIVACY have a "name" with
them.  of course, some of the ones that don't report that have no name
either.  i always assumed it was something i didn't get to set, but it
seems, given "Prism I" (linksys default?), "budgey2" (owner set most
likely), and "AP-1000" (an orinoco access point), that most people
don't set it.

>> >I plan on cleaning up the driver and committing it later this week,
>> >along with a program, probably called wimonitor, which will display
>> >the nearby access points.
>> 
>> cool.  anything i can do to help?
>
>I'd like to have a device (/dev/wi0 or something) that can be used as
>a method to pass data into and out of the kernel.  I'd use this as a
>way to pass along packets that perhaps I don't want to send to the
>IP stack (management, encrypted or undecryptable frames, etc) as
>well as a general purpose async notification pipe for monitoring
>AP associations, signal strengths, etc.

the ioctl method seems the best for this, afaict.  management frames
ought already to be passed up (although i've never seen them), but the
encrypted frames (so we can crack wep again) or undecryptable frames
will, i think, require putting the card into a mode where it's not
very usable as a network interface.

>Does this make sense perhaps?

i think ioctls are better.  otherwise you need one device for each, or
a cloning interface, or it just gets even messier.  imho.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."