tcpdump mailing list archives

Re: radiotap on linux


From: Matthew Belcher <matt () mattbelcher com>
Date: Wed, 14 Jun 2006 11:56:24 -0500


> Are you running it with -s0 (or some larger-than-default capture size)?
> A full RT header can be bigger than the 32 or 64 or whatever the default
> # of bytes is for tcpdump to process.

Thanks for your suggestion. I tried it with -s0 to see if that would help. 
Here's what I get now:

(none):~# tcpdump -i wifi0 -L
Data link types (use option -y to set):
  IEEE802_11 (802.11)
(none):~# tcpdump -vv -i wifi0 -s0 -x
tcpdump: listening on wifi0, link-type IEEE802_11 (802.11), capture size 65535 bytes
11:41:33.240612 unknown IEEE802.11 frame type (3)More Data More Fragments Pwr Mgmt Retry Strictly Ordered WEP Encrypted 65535us (header) unknown IEEE802.11 frame type (3)unknown 802.11 frame type (3)
        0x0000:  ffff ffff ffff 0002 6f21 e671 0806 0321  ........o!.q...!
        0x0010:  0800 0604 0001 0002 6f21 e671 c0a8 0164  ........o!.q...d
        0x0020:  0000 0000 0000 c0a8 0165

As you can see that doesn't seem to have helped. Are the radiotap packets in 
Linux formatted differently than in BSD? If so, does tcpdump only accept BSD 
formatted radiotap packets? I'm trying to figure out whether this 
functionality needs to be added or whether it is already there and I'm just 
not setting things up right.

Thanks again,
Matt
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
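
Added example (not part of the original message and not tcpdump's own code): reading the first four bytes of the hex dump above the way an 802.11 dissector does, as a little-endian Frame Control field followed by Duration, reproduces the "frame type (3)", the flag list and the 65535us in the output. The function and table names are illustrative assumptions; the flag labels reuse the wording of the tcpdump output where it shows them.

```python
import struct

# Constructed input: the first four bytes at offset 0x0000 of the hex dump above.
FIRST_BYTES = bytes.fromhex("ffffffff")

# Type values for management, control and data frames; anything else is
# reported as unknown, as in the output above.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

# Flag bits in the 16-bit Frame Control field (read little-endian).
FC_FLAGS = [
    (0x0100, "To DS"),
    (0x0200, "From DS"),
    (0x0400, "More Fragments"),
    (0x0800, "Retry"),
    (0x1000, "Pwr Mgmt"),
    (0x2000, "More Data"),
    (0x4000, "WEP Encrypted"),
    (0x8000, "Strictly Ordered"),
]


def decode_80211_prefix(buf):
    """Decode Frame Control and Duration from the start of an 802.11 header."""
    if len(buf) < 4:
        raise ValueError("need at least 4 bytes (frame control + duration)")
    fc, duration = struct.unpack_from("<HH", buf, 0)
    ftype = (fc >> 2) & 0x3
    return {
        "version": fc & 0x3,
        "type": ftype,
        "type_name": FRAME_TYPES.get(ftype, "unknown (%d)" % ftype),
        "subtype": (fc >> 4) & 0xF,
        "flags": [name for bit, name in FC_FLAGS if fc & bit],
        # Raw 16-bit value; the output above prints it as microseconds.
        "duration_raw": duration,
    }


if __name__ == "__main__":
    for key, value in decode_80211_prefix(FIRST_BYTES).items():
        print("%-12s %s" % (key, value))
```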

