Some drivers definitely change the format of the radiotap packets on the fly in
the same stream. As Guy says, you need to look at the bit field in the header
and parse the complex header. If all you care about is the dot11 header you can
just skip the header using the length field.
Also
abhinav narain abhinavnarai...@gmail.com wrote:
I wanted to know how much percentage of the original wireless traffic do I
lose when I am sniffing on monitor interfaces ?
pcap statistics show me no packet loss, but I wanted to know, if the
virtual interfaces (phy{0,1}) itself gave me all the
by conversation.
Also check the site for Sharkfest and look at some of the presentations
from this year - I forget who gave it, but there was at least one about
identifying network problems via tcp analysis inside wireshark.
http://www.cacetech.com/sharkfest.09/
-m
--
Mike Kershaw/Dragorn drag
). Testing
with tcpdump for sake of simplicity:
drag...@drd1813 ~/src/libpcap $ tcpdump -V
tcpdump version 4.1-PRE-CVS_2009_06_22
libpcap version 1.1-PRE-CVS
Kernel 2.6.30, I can check config details if they're relevant.
-m
--
Mike Kershaw/Dragorn drag...@kismetwireless.net
GPG Fingerprint: 3546
the top
of my head. Rtap and PPI are variable-length headers.
-m
--
Mike Kershaw/Dragorn drag...@kismetwireless.net
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1
Q. What does the toothfairy do with all my teeth?
A. She's building another You. Once she has all your teeth, she'll
, not in normal operation mode. This
means my tests weren't waiting for ACK sequences to complete in the
firmware to rx data, etc.
-m
--
Mike Kershaw/Dragorn [EMAIL PROTECTED]
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1
Some people call them cars or trucks; I call them
the default
# of bytes is for tcpdump to process.
-m
--
Mike Kershaw/Dragorn [EMAIL PROTECTED]
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1
Know the rules other people live by. Know them well. Know them in the same
way terrorists know about cars: so that you know where to put
is run by
the IBM team doing the centrino drivers.
And there's a competing complete layer.
It's sort of a mess.
-m
--
Mike Kershaw/Dragorn [EMAIL PROTECTED]
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1
!*''# Waka waka bang splat tick tick hash
[EMAIL
and promiscuous mode?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
--
Mike Kershaw/Dragorn [EMAIL PROTECTED]
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1
TRANSLATE(:SITE,'pLA','Place','.')
returns the value
before merging, let me know and I'll post it again once the
arphrd is officially ours.
-m
--
Mike Kershaw/Dragorn [EMAIL PROTECTED]
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1
Be different: conform.
--- pcap-linux.c2004-10-19 03:06:12.0 -0400
+++ ../libpcap
I've been working on bringing the radiotap headers to Linux so that
we'll finally have a kernel-level multi-platform consistent way to get
signal data on wireless cards.
Part of the argument which has arisen is about the 64byte static
container that the radiotap headers define to put the
Well, yes. :) I still have to get my patches accepted to the ieee80211
branch, merged into the kernel, and then all the driver patches done and
accepted. It's a step in the right direction tho.
If you're working on the FreeBSD Aironet driver, you might want to look
at the versions from
My proposal would be to introduce a magic string (like remote://1234),
that makes libpcap listen on UDP port 1234. The remote capture
application can connect and send the data in libpcap format. Because
UDP is connectionless, I might add some special logic for the file
header. As a result, it
If it was discussed on this list: my apologies, I could not find a
recent archive. Maybe you can send me a copy of the discussion.
It was, a while ago, I'm sorry though, I meant I'd been discussing it
with people on IRC just last night.
I am a big fan of KISS, and my UDP based solution is
...although having it in libpcap does mean that applications might, in
theory, be able to capture remotely without having to be changed.
Yeah, that would definitely be nice.
However, if authentication is required for remote capture - which I
suspect a lot of sites would want - that might
I want to add a feature where someone can connect and use a
network-interface of a remote computer to capture data. As ronnie
sahlberg has already pointed out in the ethereal list,
authentication and authorization should be one of the topics there. For
sure there will be several more issues.
PHY control frames are usually formatted very strangely. They don't
contain the standard 3 or 4 address set, they contain only the receiver
address.
You can't filter ACKs based on transmitting AP, it's not part of the
frame.
-m
tcpdump do captures ACK subtype(one of the Control Frame) frames