Wireshark mailing list archives

Re: Capture filters for wlan

From: "j.snelders" <j.snelders () telfort nl>
Date: Sat, 3 Jul 2010 13:56:00 +0200

Hi Guy, Hi G,

I've been looking at the offsets and I've figured this out:
ra  b0:14:1e:30:74:a8
ta  00:16:b6:bc:d6:7b
da  00:16:b6:bc:d6:7b

ra capture filter
wlan[4:4]==0xb0141e30

wlan[4:4*]
* 4 seems to be the max

ta
wlan[10:4]==0x0016b6bc

da
wlan[16:4]==0x0016b6bc

wlan[4:4]==0xb0141e30 or wlan[10:4]==0x0016b6bc
wlan[4:4]==0xb0141e30 and wlan[10:4]==0x0016b6bc

My best
Joke

On Fri, 2 Jul 2010 13:43:44 -0700 Guy Harris wrote:

On Jul 2, 2010, at 1:34 PM, G Capps wrote:

Unfortunately, there aren't libpcap capture filters for the TA and RA.
Time for me to dive into libpcap's grammar.y/gencode.c again, to add

TA and RA filters....


I was afraid there might not be any.  But are you suggesting that they
may be available in a future revision?


I'm saying that libpcap should probably be enhanced to support more filters
for 802.11 MAC addresses; if somebody implements them in a future libpcap
release, they'll be available in future versions of {at least some Linux
distributions, *BSDs that bother to pick up that version of libpcap, Mac
OS X if it picks up that version of libpcap, WinPcap, etc.}.

On UN*X, libpcap isn't part of Wireshark, so a future Wireshark revision
won't make a difference; you'd have to install an updated version of libpcap
yourseflf.  On Windows, Wireshark is packaged with WinPcap, so if a future
WinPcap is based on a future libpcap with those additional filters, some
future Wireshark release would probably be packaged with that future WinPcap
(and you might be able to install it on your system yourself.

I wouldn't expect it to happen soon, however; libpcap, like Wireshark, is
free software, so it's up to somebody who has enough Copious Free Time(TM)
to work on it.


       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Capture filters for wlan G Capps (Jul 01)
- Re: Capture filters for wlan Steve Evans (Jul 02)
  - Re: Capture filters for wlan Guy Harris (Jul 02)
- <Possible follow-ups>
- Re: Capture filters for wlan G Capps (Jul 02)
  - Re: Capture filters for wlan Guy Harris (Jul 02)
    - Re: Capture filters for wlan j.snelders (Jul 03)
    - Re: Capture filters for wlan Guy Harris (Jul 03)
    - Re: Capture filters for wlan Guy Harris (Jul 03)
    - Re: Capture filters for wlan j.snelders (Jul 04)
    - Re: Capture filters for wlan Guy Harris (Jul 03)
- Re: Capture filters for wlan G Capps (Jul 03)
- Re: Capture filters for wlan G Capps (Jul 05)