tcpdump mailing list archives
Re: problem while examinate 802.11-packets
From: Christian Stalp <christian.stalp () gmx de>
Date: Sun, 17 Feb 2008 20:20:13 +0100
Guy Harris wrote:
No iwconfig ath0 mode monitor did not work. I got something like that: Error for wireless request "Set Mode" (8B06) :No, there's no way to track, for example, the Retry flag in the Frame Control field; the only packets you'll see outside of monitor mode are data frames, and the frame control field will be discarded - there's no place to put that information in a fake Ethernet header.So that command doesn't work? The page at http://madwifi.org/wiki/UserDocs/MonitorMode saysTo create a monitor mode VAP, see: UserDocs/MonitorModeInterface. After that, it won't be necessary to use the command iwconfig ath0 mode monitor.which sounds as if it's saying that you *can* create a monitor mode virtual access point, but that you don't have to - if you create one, you don't have to do "iwconfig ath0 mode monitor", which seems to imply that you could also do "iwconfig ath0 mode monitor".
SET failed on device ath0 ; Invalid argument.But with the command above: "wlanconfig ath1 create wlandev wifi0 wlanmode *monitor*"
it worked. But my program couldn't access to that ath1. Thought the if-brach in my code if (pcap_datalink(handle) != DLT_IEEE802_11) { perror("is not an WLAN\n"); exit(EXIT_FAILURE); }it fails here. It was only possible to open the wifi0-interface with my program. But the MAC-Adresses are still now valuable, they are still fragmented. The first four fields match to the MAC-address of my Atheros-Card the final two were still trash. Means: I changed now to the monitor mode (which I can assure myself by calling iwconfig) but I have the same problem
A little bit other situation I had with the broadcom-device on my LinksysWRT. There I could invoke "iwconfig wl0 mode monitor", and it worked. I checked this by calling iwconfig again. wl0 was really in monitor-mode. But here I had really no chance to get the program running over that if-brach (with DLT_IEEE802_11). Means the program still doesn't recognize that this a wlan-interface and of course I did not get the proper MAC-addresses
:-( This is very sad. How can anybody sniff a wlan-traffic? Gruss Christian - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- problem while examinate 802.11-packets Christian Stalp (Feb 14)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 14)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stålp (Feb 16)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 16)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 17)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 16)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 16)
- Re: problem while examinate 802.11-packets Guy Harris (Feb 14)
- Re: problem while examinate 802.11-packets alexander medvedev (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets alexander medvedev (Feb 15)
- Re: problem while examinate 802.11-packets Christian Stalp (Feb 15)
- Re: problem while examinate 802.11-packets Eloy Paris (Feb 15)