Q 5.37: How can I capture raw 802.11 packets, including non-data (management, beacon) packets?
A: That depends on the operating system on which you're running, and on the 802.11 interface on which you're capturing.
This would probably require that you capture in promiscuous mode or in the mode called "monitor mode" or "RFMON mode". On some platforms, or with some cards, this might require that you capture in monitor mode - promiscuous mode might not be sufficient. If you want to capture traffic on networks other than the one with which you're associated, you will have to capture in monitor mode.
Not all operating systems support capturing non-data packets and, even on operating systems that do support it, not all drivers, and thus not all interfaces, support it. Even on those that do, monitor mode might not be supported by the operating system or by the drivers for all interfaces.
NOTE: an interface running in monitor mode will, on most if not all platforms, not be able to act as a regular network interface; putting it into monitor mode will, in effect, take your machine off of whatever network it's on as long as the interface is in monitor mode, allowing it only to passively capture packets.
This means that you should disable name resolution when capturing in monitor mode; otherwise, when Ethereal (or Tethereal, or tcpdump) tries to display IP addresses as host names, it will probably block for a long time trying to resolve the name because it will not be able to communicate with any DNS or NIS servers.
There are FAQ items below with information on capturing in monitor mode on Linux, FreeBSD, and NetBSD.
On Windows, you will not be able to capture in monitor mode on any interfaces, and you might not be able to capture in promiscuous mode, either. You might have some success in promiscuous mode with Centrino interfaces, although you will need Ethereal 0.10.6 or later in order to have the non-data packets recognized and properly dissected.
You will not be able to capture in monitor mode on any other platforms (including Mac OS X). You might be able to capture in promiscuous mode, but this won't capture non-data packets.