Re: radiotap on linux

[David Young <dyoung () pobox com>]

On Wed, Jun 14, 2006 at 01:04:05PM -0500, Matthew Belcher wrote:
> On Wednesday 14 June 2006 12:38, David Young wrote:
>
> > Are you sure this is a radiotap capture?  Where it says "link-type
> > IEEE802_11," it should say "link-type IEEE802_11_RADIO".  Perhaps the
> > driver is really creating a radiotap capture, but it uses the wrong DLT?
>
> Thanks Dave. Is there something you have to set to change the link type from 
> IEEE802_11 to IEEE802_11_RADIO? I didn't realize there was a difference.

I don't know how it works in Linux.  In BSD, the taps are set up like
this:

radiotap (driver-specific; this is for Atheros):

        bpfattach2(ifp, DLT_IEEE802_11_RADIO,
                sizeof(struct ieee80211_frame) + sizeof(sc->sc_tx_th),
                &sc->sc_drvbpf);

802.11 tap:

        bpfattach2(ifp, DLT_IEEE802_11,
            sizeof(struct ieee80211_frame_addr4), &ic->ic_rawbpf);

ethernet tap:

        bpfattach(ifp, DLT_EN10MB, sizeof(struct ether_header));

Dave

-- 
David Young             OJC Technologies
dyoung () ojctech com      Urbana, IL * (217) 278-3933
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.