problem while examinate 802.11-packets

["Christian Stalp" <christian.stalp () gmx de>]

Hello out there,
I have a big problem to read incoming wlan-packets with pcap-library.

First I introduced my program the ieee_802_11_header struct for casting:

struct ieee_802_11_header {
        
        __u16   frame_control; // needs to be subtyped
        __u16   duration;
        __u8    mac1[6];
        __u8    mac2[6];
        __u8    mac3[6];
        __u16   SeqCtl;
        __u8    mac4[6];
        __u16   gapLen;
        __u8    gap[8];
} __attribute__ ((packed));

Then, I defined a filter for every packet that is been retransmited:
char filter_exp[] = "wlan[0:2] & 0xF1 != 0";

I defined the device, it's a atheros-wlan interface:
dev = "ath0";

and did this:
pcap_lookupnet(dev, &net, &mask, errbuf);
handle = pcap_open_live( dev, snaplen, promisc, to_ms, errbuf)

And now the first weired thing: if I check my interface for ethernet it passes, if I check for wlan it fails! 

if (pcap_datalink(handle) != DLT_EN10MB) 
{
        perror("is not an Ethernet\n");
        exit(EXIT_FAILURE);
}
        
if (pcap_datalink(handle) != DLT_IEEE802_11) 
{
        perror("is not an WLAN\n");
        exit(EXIT_FAILURE);
}
So my program only runs if I commend out the second if-brach.

pcap_compile(handle, &fp, filter_exp, 0, net)
pcap_setfilter(handle, &fp)
pcap_loop(handle, num_packets, packet_received, NULL);

I want to distinguish that I checked everey call for exceptions, return of NULL, or other error-codes!

So now my capture-routine:

void packet_default(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
        char insertvalues[256];
        memset (insertvalues, 0x0, 256 );
        struct ieee_802_11_header *wptr;   //net/802_11.h 
        
        if( ( wptr = calloc(1, sizeof(struct ieee_802_11_header)) ) == NULL )
        {
                perror ("Fehler beim Reservieren des Speichers fuer die 802_11-Struktur\n");
                exit(EXIT_FAILURE);
        }
        
        
        wptr = (struct ieee_802_11_header *) packet;
        snprintf(insertvalues,255, "default: %s",ether_ntoa((struct ether_addr*)(wptr->mac1)));
        printf("%s\n", insertvalues);
        
        
        
        printf ("Habe Default-Packet empfangen!\n");
        //mytraffic->num_frames++;
}

The problem is, that I get only a part of my mac-adress. The first and the second field are just trash, the last 4 
field are really showing my mac-adresse, but only the first four fields of course! 

I also tried this with casting to ethernet-frames but came out with the same result. What is wrong here? Can anybody 
help?

Thank you

Gruss Christian
 

-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.