Subject: Re: 802.11 wireless and tcpdump
To: John Maier <email@example.com>
From: Greg Troxel <firstname.lastname@example.org>
Date: 03/10/2005 08:40:07
802.11 drivers, and in particular ath(4) support different DLTs.
tcpdump can list the available ones (-L) and choose one of them (-D in
1.6 and I think 2.0, -y in current).
The default DLT for ath(4) is EN10MB, and 802.11 data packets are
mapped to Ethernet format and then tapped. This mapping happens
anyway since the packets are then passed to ether_input.
With '-y IEEE802_11', you get the 802.11 packets. Further, you can
put the card in monitor mode, which causes some packets that are
normally processed in hardware to be handed to the host for
inspection, but also prevents normal use.
Greg Troxel <email@example.com>