tcpdump mailing list archives
Re: problem while examinate 802.11-packets
From: "Christian Stalp" <christian.stalp () gmx de>
Date: Fri, 15 Feb 2008 16:07:57 +0100
Hello Alexander, thanks for help I envoke tcpdump without parameters because ath0 is the default interface. Im in the normal mode for network transmission, no monitor! I receive and send packets, this mail goes also over this connection. So.. venus:/home/chris# tcpdump listening on wifi0, link-type IEEE802_11 (802.11), capture size 96 bytes 15:59:53.001494 Assoc Request 15:59:53.341363 Assoc Request 15:59:59.341630 Assoc Request 16:00:00.001798 Assoc Request 16:00:07.002099 Assoc Request 16:00:11.342169 Assoc Request These seems to be wlan-frames? Ah yes one thing, I have an ath0 and wifi0-interface, both related to my atheros-card? Gruss Christian -------- Original-Nachricht --------
Datum: Fri, 15 Feb 2008 08:49:10 -0600 (CST) Von: alexander medvedev <alexm () pycckue org> An: tcpdump-workers () lists tcpdump org Betreff: Re: [tcpdump-workers] problem while examinate 802.11-packets
Christian, what happens, if you listen on the interface using tcpdump? do you get 802.11 frames or do you get ethernet frames? i.e. is RFMON on? -alexm 08:47 15/02/2008 On Fri, 15 Feb 2008, Christian Stalp wrote:In the mean time I found some hint. I did not told you that my program is multithreaded, because I thoughtit doesn't matter. Accidentally I was stumble over the function "ether_ntoa_r".So I changed my capture-function (which is called by a thread!) to this: void packet_default(u_char *args, const struct pcap_pkthdr *header,const u_char *packet){ char insertvalues[256]; char insertbuffer[256]; memset (insertvalues, 0x0, 256 ); memset (insertbuffer, 0x0, 256 ); struct ether_header *ethprt; ethprt = (struct ether_header *) packet; snprintf(insertvalues,255, "default-s: %s",ether_ntoa_r((structether_addr*) (ethprt->ether_shost), insertbuffer ));printf("%s\n", insertvalues); } But the result is the same. Its still the first four fields of myMAC-address but the final two are still trash.Gruss Christian -------- Original-Nachricht --------Datum: Thu, 14 Feb 2008 10:51:25 -0800 Von: Guy Harris <guy () alum mit edu> An: tcpdump-workers () lists tcpdump org Betreff: Re: [tcpdump-workers] problem while examinate 802.11-packetsChristian Stalp wrote:And now the first weired thing: if I check my interface for ethernet it passes, if I check for wlan it fails!I infer from the name "ath0" that this is *BSD. If so, then all 802.11 devices default to providing Ethernet headers, for compatibility with applications that don't know about 802.11. You have to explicitly ask it for 802.11 headers; usepcap_list_datalinks()to get a list of all the link-layer types the device supports and, if that list includes DLT_IEEE80211, use pcap_set_datalink() to set the link-layer type to that value.wptr = (struct ieee_802_11_header *) packet;That won't work unless you set the link-layer type to DLT_IEEE80211. Note also that, on at least some Atheros devices, there's anadditionalproblem - if you ask them to supply 802.11 headers, they stick in some extra padding between the 802.11 header and the frame body. To handle that, you need to request the radiotap header, if available - DLT_IEEE80211_RADIO - and parse the radiotap header to see if the padding is included.I also tried this with casting to ethernet-frames but came out with the same result.I.e., you cast the packet pointer to a pointer to a structure such as struct ether_header { __u8 dst[6]; __u8 src[6]; _u16 type_len; }; and "dst" and "src" aren't correct MAC addreses? - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.-- Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten Browser-Versionen downloaden: http://www.gmx.net/de/go/browser - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
-- Psst! Geheimtipp: Online Games kostenlos spielen bei den GMX Free Games! http://games.entertainment.web.de/de/entertainment/games/free - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: problem while examinate 802.11-packets, (continued)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 14)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stålp (Feb 16)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 16)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 17)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 16)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 16)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 14)
- Re: problem while examinate 802.11-packets alexander medvedev (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets alexander medvedev (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets Eloy Paris (Feb 15)