> After this, no more noise from me. Perhaps this will help some other old
> fool some day:
>
1. Get an 802.11 wireless adapter that supports monitor mode. If you don't know what adapter to use, from a -current OpenBSD release run 'apropos wireless' and then man the chipsets.

2. To capture 802.11 packets, you *should not* have an IP address or be associated with an Access Point. ACLs and MAC address restrictions have no impact on your ability to capture packets.

3. Run this command to get the channel and the nwid of the Access Point (replace if0 with your 802.11 device name):

    ifconfig if0 scan

4. Now, configure the adapter like so:

    ifconfig if0 chan 6
    ifconfig if0 nwid TheAP
    ifconfig if0 mediaopt monitor
    ifconfig if0 up

5. In a separate terminal, run tcpdump to capture what the adapter sees:

    tcpdump -tttt -s 1514 -i if0 -y IEEE802_11 -w wireless.capture

6. After a few hours (or whatever your time window is), load the tcpdump output file into a packet analyzer for analysis.
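A quick sanity check before step 6, added here as an example and not part of the original post: it confirms the capture file really carries raw 802.11 frames (pcap link type 105, as requested by `-y IEEE802_11`) and tallies management, control and data frames. It assumes the classic pcap file layout; `summarize_capture` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct
from collections import Counter

DLT_IEEE802_11 = 105  # pcap link type for raw 802.11 (tcpdump -y IEEE802_11)
TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
SUBTYPES = {(0, 4): "probe-request", (0, 8): "beacon", (1, 13): "ack"}

def summarize_capture(data: bytes) -> Counter:
    """Tally 802.11 frame types found in a classic pcap byte string."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    # Low 16 bits hold the link type; anything but 105 means the records
    # are not raw 802.11 frames (for example an Ethernet-style capture).
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    if linktype != DLT_IEEE802_11:
        raise ValueError(f"link type {linktype} is not IEEE802_11 (105)")
    counts = Counter()
    offset = 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, caplen, wirelen (4 bytes each).
        caplen = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if len(frame) < caplen or caplen < 2:
            counts["truncated"] += 1  # file cut short or runt record
            continue
        # Frame control byte 0: bits 2-3 are the type, bits 4-7 the subtype.
        ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
        counts[TYPES[ftype]] += 1
        if (ftype, subtype) in SUBTYPES:
            counts[SUBTYPES[(ftype, subtype)]] += 1
    return counts

def build_sample(linktype: int = DLT_IEEE802_11) -> bytes:
    """Constructed sample: pcap header plus four minimal 802.11 frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, linktype)
    for fc0 in (0x80, 0x80, 0xD4, 0x08):  # beacon, beacon, ACK, data
        frame = bytes([fc0, 0x00]) + bytes(8)  # frame control + zero padding
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(dict(summarize_capture(build_sample())))
```

On a real file, pass `open("wireless.capture", "rb").read()` to `summarize_capture`; a capture with no management frames at all suggests the adapter was not actually in monitor mode on the right channel.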

