tcpdump mailing list archives
Re: problem while examinate 802.11-packets
From: "Christian Stalp" <christian.stalp () gmx de>
Date: Fri, 15 Feb 2008 17:43:42 +0100
At this moment I do not want to change into the monitor-mode. I want to monitor the normal data-interchange. Without a malicious intent of course ;-) I want to track the retransferred packets, packets with the retry-field set. For that I set this filter expression: filter_exp[] = "wlan[0:2] & 0xF1 != 0". But this is not the problem I think, it's still that I don't get a valid MAC address.

Regards, Christian

-------- Original Message --------
Date: Fri, 15 Feb 2008 10:23:48 -0600 (CST)
From: alexander medvedev <alexm () pycckue org>
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] problem while examinate 802.11-packets
Christian,

to get 80211 frames you should be listening on the interface in the monitor mode. i vaguely remember that on some cards it is done with "iwconfig" command. not sure for atheros cards...

you should probably change dev = "ath0"; to dev = "wifi0"; in your program and use your original version of the program.

anybody, correct me if i am wrong...

good luck,
-alexm
10:18 15/02/2008

On Fri, 15 Feb 2008, Christian Stalp wrote:

Hello Alexander, thanks for help.

I invoke tcpdump without parameters because ath0 is the default interface. I'm in the normal mode for network transmission, no monitor! I receive and send packets, this mail goes also over this connection. So..

    venus:/home/chris# tcpdump
    listening on wifi0, link-type IEEE802_11 (802.11), capture size 96 bytes
    15:59:53.001494 Assoc Request
    15:59:53.341363 Assoc Request
    15:59:59.341630 Assoc Request
    16:00:00.001798 Assoc Request
    16:00:07.002099 Assoc Request
    16:00:11.342169 Assoc Request

These seem to be wlan-frames? Ah yes one thing, I have an ath0 and wifi0-interface, both related to my atheros-card?

Regards, Christian

-------- Original Message --------
Date: Fri, 15 Feb 2008 08:49:10 -0600 (CST)
From: alexander medvedev <alexm () pycckue org>
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] problem while examinate 802.11-packets

Christian,

what happens, if you listen on the interface using tcpdump? do you get 802.11 frames or do you get ethernet frames? i.e. is RFMON on?

-alexm
08:47 15/02/2008

On Fri, 15 Feb 2008, Christian Stalp wrote:

In the mean time I found some hint. I did not tell you that my program is multithreaded, because I thought it doesn't matter. Accidentally I stumbled over the function "ether_ntoa_r". So I changed my capture-function (which is called by a thread!) to this:

    void packet_default(u_char *args, const struct pcap_pkthdr *header,
                        const u_char *packet)
    {
        char insertvalues[256];
        char insertbuffer[256];
        memset(insertvalues, 0x0, 256);
        memset(insertbuffer, 0x0, 256);
        struct ether_header *ethprt;
        /* interpret the start of the packet as an Ethernet header */
        ethprt = (struct ether_header *) packet;
        /* format the source address with the reentrant ether_ntoa_r() */
        snprintf(insertvalues, 255, "default-s: %s",
                 ether_ntoa_r((struct ether_addr *) (ethprt->ether_shost), insertbuffer));
        printf("%s\n", insertvalues);
    }

But the result is the same. It's still the first four fields of my MAC-address but the final two are still trash.

Regards, Christian

-------- Original Message --------
Date: Thu, 14 Feb 2008 10:51:25 -0800
From: Guy Harris <guy () alum mit edu>
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] problem while examinate 802.11-packets

Christian Stalp wrote:

> And now the first weird thing: if I check my interface for ethernet it passes, if I check for wlan it fails!

I infer from the name "ath0" that this is *BSD.

If so, then all 802.11 devices default to providing Ethernet headers, for compatibility with applications that don't know about 802.11. You have to explicitly ask it for 802.11 headers; use pcap_list_datalinks() to get a list of all the link-layer types the device supports and, if that list includes DLT_IEEE80211, use pcap_set_datalink() to set the link-layer type to that value.

> wptr = (struct ieee_802_11_header *) packet;

That won't work unless you set the link-layer type to DLT_IEEE80211.

Note also that, on at least some Atheros devices, there's an additional problem - if you ask them to supply 802.11 headers, they stick in some extra padding between the 802.11 header and the frame body. To handle that, you need to request the radiotap header, if available - DLT_IEEE80211_RADIO - and parse the radiotap header to see if the padding is included.

> I also tried this with casting to ethernet-frames but came out with the same result.

I.e., you cast the packet pointer to a pointer to a structure such as

    struct ether_header {
        __u8 dst[6];
        __u8 src[6];
        __u16 type_len;
    };

and "dst" and "src" aren't correct MAC addresses?

- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
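The thread turns on three layout facts: the Retry bit sits in the second Frame Control byte, the source address moves between address fields depending on ToDS/FromDS, and a radiotap header of variable length precedes the 802.11 header when that link type is selected. The following is an added example, not code from the thread or from libpcap; `wlan_info`, `parse_radiotap_wlan` and the sample bytes are constructed for illustration, and it assumes a radiotap header with a single "present" word and a management or data frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct wlan_info { int retry, datapad; uint8_t src[6]; };

/* Constructed sample: 9-byte radiotap header (Flags field only, data-pad bit
 * set) followed by a 24-byte 802.11 data frame with ToDS and Retry set. */
static const uint8_t sample[] = {
    0x00, 0x00, 0x09, 0x00, 0x02, 0x00, 0x00, 0x00, 0x20,   /* radiotap */
    0x08, 0x09, 0x2c, 0x00,                                 /* FC, duration */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,                     /* addr1 (BSSID) */
    0x02, 0xaa, 0xbb, 0xcc, 0xdd, 0xee,                     /* addr2 (SA) */
    0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,                     /* addr3 (DA) */
    0x10, 0x00 };                                           /* sequence ctl */

/* Returns 0 on success, -1 for truncated input, control frames, or
 * radiotap headers with extended "present" bitmaps (not handled here). */
int parse_radiotap_wlan(const uint8_t *p, size_t len, struct wlan_info *out)
{
    if (len < 8 || p[0] != 0) return -1;           /* radiotap version is 0 */
    size_t rt_len = p[2] | (size_t)p[3] << 8;      /* it_len, little-endian */
    if (rt_len < 8 || rt_len > len || (p[7] & 0x80)) return -1;
    size_t off = 8 + ((p[4] & 0x01) ? 8 : 0);      /* skip TSFT if present */
    out->datapad = (p[4] & 0x02) && off < rt_len && (p[off] & 0x20);

    const uint8_t *h = p + rt_len;                 /* 802.11 header starts here */
    size_t hlen = len - rt_len;
    if (hlen < 24 || ((h[0] >> 2) & 3) == 1) return -1;
    out->retry = (h[1] & 0x08) != 0;               /* Retry bit, 2nd FC byte */
    int to_ds = h[1] & 0x01, from_ds = h[1] & 0x02;
    size_t sa = 10;                                /* addr2 by default */
    if (from_ds && !to_ds) sa = 16;                /* from AP: SA is addr3 */
    if (from_ds && to_ds) {                        /* WDS: SA is addr4 */
        if (hlen < 30) return -1;
        sa = 24;
    }
    memcpy(out->src, h + sa, 6);
    return 0;
}

int main(void)
{
    struct wlan_info w;
    if (parse_radiotap_wlan(sample, sizeof sample, &w) != 0) return 1;
    printf("retry=%d datapad=%d src=%02x:%02x:%02x:%02x:%02x:%02x\n", w.retry,
           w.datapad, w.src[0], w.src[1], w.src[2], w.src[3], w.src[4], w.src[5]);
    return 0;
}
```

Reading the same buffer at the Ethernet source offset (6 bytes into the 802.11 header) would return the last four bytes of addr1 followed by the first two of addr2, which is why an `ether_header` cast cannot produce a valid address on an 802.11 link type.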