Re: 802.11 + radio headers question...

[Guy Harris <guy () alum mit edu>]

On Apr 14, 2009, at 8:54 AM, Eddie Harari wrote:

> so when i "sniff" a packet from my "monitor" mode intel chipset  
> based wifi
> card ,
> how do i know which radio info is preceding the 802.11 header ?

The same way that, when you sniff a packet from any network adapter,  
you know what link-layer header it has, at least if you're using  
libpcap/WinPcap - you call pcap_datalink() on the pcap_t * you got  
back from pcap_open_live(), pcap_open_offline(), or pcap_create() 
+pcap_activate(), and see what it returns.  DLT_IEEE802_11 means there  
are no radio headers; DLT_IEEE802_11_RADIO means there are radiotap  
headers; DLT_IEEE802_11_RADIO_AVS means there are AVS headers;  
DLT_PRISM_HEADER means there are either Prism or AVS headers (if the  
first 32 bits, in big-endian byte order, of the packet data are  
0x80211001 or 0x80211002, the packet has an AVS header, otherwise it  
has a Prism header).
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.