Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Rob]

We want support for "monitor mode", "RFMON mode" and "Promiscuous mode" so we can run Wireshark (and other similar programs).

Some programs are able to offer this feature in Windows Vista and Linux ( http://en.wikipedia.org/wiki/RFMON ) but support for WinXP is lacking. D-Link support for Vista and Linux is not as good as it is for WinXP, thus we have a problem.


Here is a link explaining why you might want your Wireless Network Card to support these features:

Capturing packets on wireless LANs
http://www.wireshark.org/faq.html#sec10


Some Wireless Network Cards provide better support for packet sniffing than others. The D-Link DWA-552 (and other D-Link cards) do NOT offer support for this feature in their drivers. When other drivers available off the Internet are used we get varying results (usually not great).

There are some Un-OFFICIAL (not supported by D-Link, but they ARE supported, to some extent on the websites) drivers for the AR5008 chipset (DWA-552) available on these websites:

Wildpackets driver
http://www.wildpackets.com/products/analysis_cards/overview

CommView
http://www.tamos.com/download/main/

Linux drivers are available for download from http://madwifi.org/


The WinXP (and Linux) drivers offered at those sites have many more features (compared to D-Link's ar5416.sys driver) when you check the "Wireless Network Connection Properties" pane and click "[Configure][Advanced]". The WinXP features are: "802.11b Preamble", "Map Registers", "MFP", "Network Address", "Peek Country", "Peek Ignore Error EAPOL-Key", "Peek Max GTK", "Peek Max PTK", "Power Save Mode", "Power Save Policy (Background)", "Power Save Policy (Best Effort)", "Power Save (Video)", "Power Save (Voice)", "Radio On/Off", and "Scan Valid Interval".


Comparison of open source wireless drivers (see what you are missing):
http://en.wikipedia.org/wiki/Comparison_of_open_source_wireless_drivers#Driver_capabilities


Here is some info about the AirPcap cards from Cace Technologies. Your DWA-552 could easily support these features with a new driver:
http://www.cacetech.com/products/airpcap_family.htm

Here is some info about the TurboCap card from Cace Technologies. Your DWA-552 could easily be half as good as this card with a new driver:
http://www.cacetech.com/products/turbocap.htm


If you want these features then please vote YES now to indicate your interest in this subject and encourage the manufacturer to support this feature. It would not add to the cost of your product and could be "Beta Only" (without Official Support).

It is a win/win for both the consumer (pro features for FREE) and the manufacturer (sell more cards and have their cards recommended by techies). Currently these other cards are getting the nod: Alfa AWUS036H, Ubiquiti SRC, Alfa USB AWUS036S, etc.

Lets make D-Link Xtreme the best card available.

Rob

[Rob]

A simple way to implement this might be to use a "mirror port" as described in the document on this page:

DGS-3427 
http://support.dlink.com/products/view.asp?productid=DGS%2D3427

xStack DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual
ftp://ftp.dlink.com/Switch/dgs3400/Manual/dgs3400_CLImanual_230.zip


On page 113 is this description of the "config mirror port" command (the switch is configured with a CLI):

This command allows a range of ports to have all of their traffic also sent to a designated port, where a network sniffer or other device can monitor the network traffic. In addition, users can specify that only traffic received by or sent by one or both is mirrored to the Target port.


A new page on the DIR-655 Router (a fine companion to the DWA-552) could allow one to configure the Router to intercept raw traffic and output it to one of the ports on the rear. This could also be used in advanced Linux Firewall configurations.