Guy Harris wrote:
No, there's no way to track, for example, the Retry flag in the Frame
Control field; the only packets you'll see outside of monitor mode are
data frames, and the frame control field will be discarded - there's
no place to put that information in a fake Ethernet header.
So
Christian Stalp wrote:
And one question more, how can I use monitor mode for normal traffic?
I.e., you want to run in monitor mode while still using the adapter for
normal traffic?
Whether you can do that depends on the adapter and the driver; as I
understand it, some adapters can support
Christian Stålp wrote:
Argh, that is very, very sad news. That dumps all my ideas. My project
was to track the retry field and, in case of a dramatic increase, switch
over to monitor mode and see what's wrong. Maybe you see some
pattern, some events? My idea was to observe which station in
Guy Harris wrote:
Note that this means that your filter expression "wlan[0:2] & 0xF1 !=
0" will be checking the first two octets of the destination MAC
address, as that's what the first two octets of the link-layer header
are. (Yes, you said "wlan", but "wlan" is just another name for
"lin
On Feb 15, 2008, at 2:15 AM, Christian Stalp wrote:
I changed my capture-routine this way:
void packet_default(u_char *args, const struct pcap_pkthdr *header,
const u_char *packet)
{
char insertvalues[256];
memset (insertvalues, 0x0, 256 );
//struct ieee_802_11_heade
On Feb 15, 2008, at 4:52 AM, Christian Stalp wrote:
But the result is the same. It's still the first four fields of my
MAC-address but the final two are still trash.
I.e., the first four octets of the source MAC address are valid and
have the correct values (i.e., they match the MAC address
On Fri, Feb 15, 2008 at 10:23:48AM -0600, alexander medvedev wrote:
> to get 80211 frames you should be listening on the interface in the
> monitor mode.
>
> i vaguely remember that on some cards it is done with "iwconfig" command.
> not sure for atheros cards...
[...]
I've found the following p
rs@lists.tcpdump.org
> Subject: Re: [tcpdump-workers] problem while examinate 802.11-packets
>
> Christian,
>
> to get 80211 frames you should be listening on the interface in the
> monitor mode.
> i vaguely remember that on some cards it is done with "iwconfig" command
ated to my
> atheros-card?
>
>
> Regards, Christian
>
> Original Message
> > Date: Fri, 15 Feb 2008 08:49:10 -0600 (CST)
> > From: alexander medvedev <[EMAIL PROTECTED]>
> > To: tcpdump-workers@lists.tcpdump.org
> > Subject: Re: [tcpdum
nsertbuffer ));
> > printf("%s\n", insertvalues);
> > }
> >
> > But the result is the same. It's still the first four fields of my
> MAC-address but the final two are still trash.
> >
> > Regards, Christian
> >
> >
> >
> > --
but the final two are still trash.
>
> Regards, Christian
>
>
>
> Original Message
> > Date: Thu, 14 Feb 2008 10:51:25 -0800
> > From: Guy Harris <[EMAIL PROTECTED]>
> > To: tcpdump-workers@lists.tcpdump.org
> > Subject: Re: [tcpdu
two are still trash.
Regards, Christian
Original Message
> Date: Thu, 14 Feb 2008 10:51:25 -0800
> From: Guy Harris <[EMAIL PROTECTED]>
> To: tcpdump-workers@lists.tcpdump.org
> Subject: Re: [tcpdump-workers] problem while examinate 802.11-packets
> Christian Sta
ess, but the last two fields are just nonsense.
Ah yes, I want to note that I use Linux, not BSD.
Regards, Christian
Original Message
> Date: Thu, 14 Feb 2008 10:51:25 -0800
> From: Guy Harris <[EMAIL PROTECTED]>
> To: tcpdump-workers@lists.tcpdump.org
> B
Christian Stalp wrote:
And now the first weird thing: if I check my interface for ethernet
it passes, if I check for wlan it fails!
I infer from the name "ath0" that this is *BSD.
If so, then all 802.11 devices default to providing Ethernet headers,
for compatibility with applications that
Hello out there,
I have a big problem reading incoming WLAN packets with the pcap library.
First I introduced the ieee_802_11_header struct into my program for casting:
struct ieee_802_11_header {
__u16 frame_control; // needs to be subtyped
__u16 duration;
__u8mac