tcpdump mailing list archives

Re: capturing on both interfaces simultaneously


From: abhinav narain <abhinavnarain10 () gmail com>
Date: Mon, 12 Dec 2011 04:36:38 -0500

itself, as specified by pcap_set_buffer_size()?


Yes, I haven't used the pcap_set_buffer_size(), but in open_live() I
give the buffer size as BUFSIZ,


There is no buffer size option in pcap_open_live(), so you *can't* give
the buffer size in a pcap_open_live() call.

I can't find any default buffer size in pcap. How can I know that it is
good enough when I am doing select?


One way to identify a beacon frame from an 802.11n-capable AP is to look
for the HT Capabilities Info field; see "7.3.2.56.2 HT Capabilities Info
field" in the 802.11 spec.

Is this information in the radiotap header

No.

or the mac header ?

No.

It's in the management frame body.  See sections 7.1, 7.2, and 7.3 of the
802.11 standard:

       http://standards.ieee.org/getieee802/download/802.11-2007.pdf

and of the 802.11n standard:

       http://standards.ieee.org/getieee802/download/802.11n-2009.pdf

Thanks for the resources!
I am doing something similar to the tcpdump code, using 7.3.1.4 to detect
the ESS, IBSS and PRIVACY bits in the beacon frame. The structure is in the
2007 pdf.

Now, the 802.11n pdf describes the capability structure (2 bytes) with
totally different fields!
7.3.2.56.2 shows a different format of the Capabilities section.
I have a pointer to the capability section, but I am not sure how to check
that protocol n is advertised by the AP


I looked at the Wireshark code, which is the only tool I came across giving
some information on the N protocol, but its code is more complicated than
pcap, tcpdump, kismet and horst, which I went through before.
Is there any other tool where I can see how to code it?

None that I know of.

I am parsing till the 31st bit on radiotap header bitmap.
Any code base where I can see how they do it ?

None of this is in the radiotap header!  It's in the body of a management
frame.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
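
The check discussed in this message, as an added example that is not part of the original post or of tcpdump's code: walk the beacon's management frame body, read the 7.3.1.4 capability bits, and look for the HT Capabilities element (element ID 45) that an 802.11n-capable AP advertises. It assumes the radiotap header has already been skipped, the FCS is not included and no HT Control field is present; `parse_beacon`, `struct beacon_info` and the sample frame are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

#define MGMT_HDR_LEN 24 /* FC, duration, 3 addresses, seq ctl; assumes no HT Control */
#define BEACON_FIXED 12 /* timestamp(8) + beacon interval(2) + capability info(2) */
#define EID_HT_CAPS  45 /* HT Capabilities element ID (802.11n-2009, 7.3.2.56) */

struct beacon_info {        /* hypothetical result type for this example */
    uint16_t capability;    /* 7.3.1.4: ESS = bit 0, IBSS = bit 1, Privacy = bit 4 */
    int      has_ht;        /* 1 if an HT Capabilities element is present */
    uint16_t ht_cap_info;   /* 7.3.2.56.2 HT Capabilities Info, valid if has_ht */
};

/* frame points at the 802.11 MAC header (radiotap already skipped, FCS not
 * included). Returns 0 on success, -1 if not a beacon or an element is cut off. */
int parse_beacon(const uint8_t *frame, size_t len, struct beacon_info *out)
{
    if (len < MGMT_HDR_LEN + BEACON_FIXED)
        return -1;
    /* FC byte 0: type bits 2-3 = 0 (management), subtype bits 4-7 = 8 (beacon) */
    if ((frame[0] & 0x0c) != 0x00 || (frame[0] & 0xf0) != 0x80)
        return -1;
    const uint8_t *p = frame + MGMT_HDR_LEN + 10;       /* capability info */
    out->capability = (uint16_t)(p[0] | (p[1] << 8));   /* little-endian */
    out->has_ht = 0; out->ht_cap_info = 0;
    p += 2;
    size_t left = len - (MGMT_HDR_LEN + BEACON_FIXED);
    while (left >= 2) {                 /* element = ID, length, body */
        size_t elen = p[1];
        if (elen > left - 2)
            return -1;                  /* body runs past the captured bytes */
        if (p[0] == EID_HT_CAPS && elen >= 2) {
            out->has_ht = 1;
            out->ht_cap_info = (uint16_t)(p[2] | (p[3] << 8));
        }
        p += 2 + elen;
        left -= 2 + elen;
    }
    return 0;
}

/* Constructed sample: beacon, SSID "lab", HT Capabilities element (rest zero). */
static const uint8_t sample_beacon[69] = {
    0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  /* FC, dur, DA */
    0x02, 0, 0, 0, 0, 1,  0x02, 0, 0, 0, 0, 1,  0x00, 0x00,      /* SA, BSSID, seq */
    0, 0, 0, 0, 0, 0, 0, 0,  0x64, 0x00,  0x11, 0x00,  /* ts, interval, cap */
    0x00, 3, 'l', 'a', 'b',                            /* SSID element */
    45, 26, 0x6e, 0x18                                 /* HT caps: info 0x186e */
};
```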


