tcpdump mailing list archives
Re: 802.11 + radio headers question...
From: Mike Kershaw <dragorn () nerv-un net>
Date: Tue, 14 Apr 2009 13:33:31 -0400
On Tue, Apr 14, 2009 at 09:58:31AM -0700, Guy Harris wrote:
On Apr 14, 2009, at 9:24 AM, David Young wrote:On Tue, Apr 14, 2009 at 11:54:50AM -0400, Eddie Harari wrote:so when i "sniff" a packet from my "monitor" mode intel chipset based wifi card , how do i know which radio info is preceding the 802.11 header ?The DLT that you have set determines the radio header....if you've selected one. On some platforms (Linux and Mac OS X 10.4), you (currently) can't choose a header using libpcap (and will never be able to do so on Mac OS X 10.4, as the OS doesn't support it); however, with libpcap 1.0 or later, if you request monitor mode by using pcap_create(), pcap_set_rfmon(p, 1), and pcap_activate(p), libpcap will attempt to get some form of radio header if it can.
Correct, though in (most) cases fetching the DLT is valid; On linux you will most likely get the radiotap header with any mac80211 based card (note: some drivers return invalid data, namely 2.6.27-28 range ath5k returns data 2 bytes short on some packet types). On madwifi-ng you'll get either radiotap, prism2avs, or none, depending on the setting in /sys. pre-mac80211 drivers will give you some variable range of headers. PPI is used almost exclusively by the 11n airpcap device on windows, but Kismet can now leverage it as a platform-neutral padding-neutral log format to rewrite all the radio header data from the other formats. http://802.11ninja.net/lorcon/browser/trunk/lorcon_decode.c is some basic code to strip various headers off dot11 packets. -m -- Mike Kershaw/Dragorn <dragorn () kismetwireless net> GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1 "You can't engineer away stupid."
Attachment:
_bin
Description:
Current thread:
- 802.11 + radio headers question... Eddie Harari (Apr 12)
- Re: 802.11 + radio headers question... Guy Harris (Apr 13)
- Re: 802.11 + radio headers question... Eddie Harari (Apr 14)
- Re: 802.11 + radio headers question... Mike Kershaw (Apr 14)
- Re: 802.11 + radio headers question... Eddie Harari (Apr 14)
- Re: 802.11 + radio headers question... David Young (Apr 14)
- Re: 802.11 + radio headers question... Guy Harris (Apr 14)
- Re: 802.11 + radio headers question... Mike Kershaw (Apr 14)
- Re: 802.11 + radio headers question... Eddie Harari (Apr 14)
- Re: 802.11 + radio headers question... Guy Harris (Apr 14)
- Re: 802.11 + radio headers question... Guy Harris (Apr 13)
- Re: 802.11 + radio headers question... Guy Harris (Apr 15)
- Re: 802.11 + radio headers question... Eddie Harari (Apr 15)
- Re: 802.11 + radio headers question... Guy Harris (Apr 15)
- Re: 802.11 + radio headers question... Eddie Harari (Apr 16)