Wireshark mailing list archives
Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows
From: Yang Luo <hsluoyb () gmail com>
Date: Wed, 13 Apr 2016 13:07:46 +0800
Hi Guy, As you know, Npcap/WinPcap is currently based on libpcap 1.0 branch 1_0_rel0b (20091008), which is a very old version. Adding features to so old wpcap.dll code will put me even farther away from the libpcap trunk. So I wanted to use the latest libpcap code in Npcap before adding code. Actually I posted a thread on tcpdump list about how to build libpcap on Windows before. But no solutions. Do you know how to build libpcap into wpcap.dll? I guess Loris developed the 1st generation WinPcap and ported libpcap into wpcap.dll. How did he achieve this? Cheers, Yang On Wed, Apr 13, 2016 at 10:23 AM, Guy Harris <guy () alum mit edu> wrote:
On Apr 12, 2016, at 6:39 PM, Yang Luo <hsluoyb () gmail com> wrote:On Wed, Apr 13, 2016 at 1:47 AM, Alexis La Goutte <alexis.lagoutte () gmail com> wrote:Awesome ! Need to include support of directly switch to monitor mode on Wireshark:)You bet! That will be the last step to do. WlanHelper is currently a workaround for this feature. Monitor modeswitch on and off should be able to be done directly using Wireshark for friendly use.However, I'm also planning to provide the monitor switch in a API waytoo, Yes. The API is pcap_set_rfmon(). In your activate routine, if the opt.rfmon field of the pcap_t is 1, then put the device in monitor mode, otherwise don't put it in monitor mode.so a program can switch on and off Monitor mode too.No, your only option to control monitor mode is when you open the device; you don't get to turn it on and off while you're capturing - you have to close the device and re-open it. If you do that, it will work in Wireshark, the same way it does in OS X (and, if you happen to have a version of libpcap linking with libel, on Linux), without having to change Wireshark.BTW, are there any options when setting to Monitor mode? Like channel noor something. There are currently no APIs in libpcap to control the channel number; I plan to add them in the future. (I plan to do that after splitting off some functions into a helper process, so that libpcap wouldn't have to be linked with libnl on Linux or with the CoreWLAN framework on OS X - only the helper process would.)I don't know what's NdisMediumPpiIt's for the PPI header: http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf which AirPcap adapters, and at least some AirPort cards on some versions of OS X, can provide. Radiotap is a better form of radio metadata, and my goal is to get it to the point where everything Wireshark supports with PPI is also supported with radiotap (the only thing missing is the ability to show the individual frames of an A-MPDU all together).So is there any possibility to remove the "AirPcap" string in the UI?Yes, it should be removed from there. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows, (continued)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Graham Bloice (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Graham Bloice (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Graham Bloice (Apr 14)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Graham Bloice (Apr 15)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 15)