PRISM 1 card firmware that is known to work is Intersil version 0.8.3. PRISM 2 Lucent/Proxim firmware versions seem to have an issue with prolonged capturing when on the same channel for more than a few seconds, but version 6.0.6 seems to work. If your card has newer firmware, you can downgrade it by using a Windows computer and the WSU_606.exe utility from Proxim.
Monitor mode support is included by default in driver versions 0.15 and above, however many distributions ship with a lower version than that. The iwpriv command may be used to list "private" commands that can be issued to the driver. If the monitor command is not included, you'll need to patch your linux 2.4 kernel tree with this patch from this site.
To enable monitor mode with these cards and start capturing:
shell# iwpriv eth0 monitor 2 <channel> shell# ifconfig eth0 up shell# tcpdump -n -i eth0 -s 1500 -w <savefile>
New versions of the orinoco driver (0.15) under Debian etch seem to only allow monitor mode to be entered when the firmware is of an appropriate level. You can however force the matter by supplying "force_monitor=1" as part of the orinoco module load.
To enable monitor mode with these cards and start capturing:
shell# ifconfig wi0 mediaopt monitor channel <channel> shell# ifconfig wi0 up shell# tcpdump -n -i wi0 -s1500 -y IEEE802_11 -w <savefile>$Id: monitor-prism.html,v 1.4 2007-06-01 03:29:04 kos Exp $