tcpdump mailing list archives

Re: Missing packet fields in big endian with ath9k

From: Luis Correia <lfpcorreia () gmail com>
Date: Fri, 26 Apr 2013 19:50:16 +0100

Hi Michael, thnks for replying.

I check for link type this way:
(pcap_datalink(dev_handler) == DLT_IEEE802_11) ,
So i'm pretty sure its the right data link. Unless pcap_datalink() is broken..

Meanwhile I've media some progress by looking at iwcap 
(https://dev.openwrt.org/browser/trunk/package/iwcap/src/iwcap.c?rev=30747)

specifically, by using 
#define FRAMETYPE_MASK 0xFC
#define FRAMETYPE_BEACON 0x80
#define FRAMETYPE_DATA 0x08
#define FRAMETYPE_PROBREQ 0x40

and testing with this:

u8 frametype = *(u8 *)(data + radio_len);

if ((frametype & FRAMETYPE_MASK) == FRAMETYPE_PROBREQ)
{
    cout << "len: " << radio_len << endl;
    cout << ether_ntoa((struct ether_addr *) p->add1) << " " << ether_ntoa((struct ether_addr *) p->add2) << " " << 
ether_ntoa((struct ether_addr *) p->add3) << endl; 
}

I manage to print the packets I'm interested in.

However I still can't access the RSSI value of the packet..

Is it the [byte data] & FRAMETYPE_MASK (0xFC) logic operation that does the "magic"?

I don't have enough knowledge to understand what the operation does.. Do you have and care to explain?

If I type cast the radio tap struct and do the same thin on the rssi field ( ssi_signal & FRAMETYPE_MASK) does the 
result equals the rssi signal in decimal?!

Thnks in advance

On Apr 26, 2013, at 7:16 PM, Michael Richardson <mcr () sandelman ca> wrote:


It sounds like you are not taking into account the link type.
EN10B and LINUX encapsulations are different. "tcpdump" without any
arguments listens on "any" interface, which is a cooked "LINUX"
encapsulation.  I' doubt that the one on openwrt does the same thing.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [


_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (Apr 26)
  - Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 26)
    - Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 27)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 27)
    - Re: Missing packet fields in big endian with ath9k Luís Correia (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Mike Kershaw / Dragorn (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Michael Richardson (May 01)

(Thread continues...)