Re: radiotap on linux

[David Young <dyoung () pobox com>]

On Wed, Jun 14, 2006 at 11:56:24AM -0500, Matthew Belcher wrote:
> > Are you running it with -s0 (or some larger-than-default capture size)?
> > A full RT header can be bigger than the 32 or 64 or whatever the default
> > # of bytes is for tcpdump to process.
>
> Thanks for your suggestion. I tried it with -s0 to see if that would help. 
> Here's what I get now:
>
> (none):~# tcpdump -i wifi0 -L
> Data link types (use option -y to set):
>   IEEE802_11 (802.11)
> (none):~# tcpdump -vv -i wifi0 -s0 -x
> tcpdump: listening on wifi0, link-type IEEE802_11 (802.11), capture size 65535 
> bytes
> 11:41:33.240612 unknown IEEE802.11 frame type (3)More Data More Fragments Pwr 
> Mgmt Retry Strictly Ordered WEP Encrypted 65535us (header) unknown IEEE802.11 
> frame type (3)unknown 802.11 frame type (3)
>         0x0000:  ffff ffff ffff 0002 6f21 e671 0806 0321  ........o!.q...!
>         0x0010:  0800 0604 0001 0002 6f21 e671 c0a8 0164  ........o!.q...d
>         0x0020:  0000 0000 0000 c0a8 0165
>
> As you can see that doesn't seem to have helped. Are the radiotap packets in 
> Linux formatted differently than in BSD? If so, does tcpdump only accept BSD 
> formatted radiotap packets? I'm trying to figure out whether this 
> functionality needs to be added or whether it is already there and I'm just 
> not setting things up right.

Are you sure this is a radiotap capture?  Where it says "link-type
IEEE802_11," it should say "link-type IEEE802_11_RADIO".  Perhaps the
driver is really creating a radiotap capture, but it uses the wrong DLT?

Radiotap headers had better not be formatted differently in Linux,
or else Linux is not compliant with the radiotap spec.

Dave

-- 
David Young             OJC Technologies
dyoung () ojctech com      Urbana, IL * (217) 278-3933
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.