On Saturday 06 March 2004 6:46 pm, Cedric Blancher wrote: > Le sam 06/03/2004 à 19:12, Antony Stone a écrit : > > > tcpdump sees ethernet frames, > > IPX and similar traffic which are not even IP based, as well as > > completely different media types such as 802.11b headers. > > Just a notice about 802.11 stuff. > > The way tcpdump will see traffic coming from a wireless link depends on > the wifi interface state. If the interface is in normal operation mode > (managed, ad-hoc or master), it will see frames as usual ethernet ones, > just as it was sniffing a wired link. If the interface is in monitor > mode, then it will see the frames will full 802.11 header. True - I guess I'm just used to always doing my 802.11 sniffing in monitor mode, so I get the maximum information out of the exercise :) > BTW, I can confirm tcpdump will see outgoing traffic as it is after > POSTROUTING chain, and incoming one as it is before PREROUTING. I've > just checked playing with TTL on pings. Thanks. Antony. -- "Note: Windows 98, Windows 98SE and Windows 95 are not affected by [MS Blaster]. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions." (which *are* affected by MS Blaster...) http://www.microsoft.com/security/security_bulletins/ms03-026.asp Please reply to the list; please don't CC me.
