On Fri, Jul 23, 2004 at 06:09:39PM -0800, Tejas Kokje wrote: > In /usr/include/linux/802_11.h 802.11 header is given as > > struct ieee_802_11_header { > u16 frame_control;// needs to be subtyped > u16 duration; > u8 mac1[6]; > u8 mac2[6]; > u8 mac3[6]; > u16 SeqCtl; > u8 mac4[6]; > u16 gapLen; > u8 gap[8]; > }; > > Now I don't understand the meaning of last two fields. Those fields > don't appear in 802.11 MAC frame specification.
They look like the last two fields in the header of packets supplied by a Cisco Aironet card to the host if the Aironet card is configured to supply 802.11 frames, rather than fake Ethernet frames, to the host. I don't know why the Linux structure in question has that in there. A search through the 2.6.0-test9 kernel I have the source for (for reference; my machines mainly run either FreeBSD or the BSD from Cupertino) doesn't find any references to it, just the definition. > How can I scrape out IP header on 802.11 LAN. If you are capturing on a device that has a link-layer type of DLT_IEEE802_11, you would: 1) look at the frame control field to see whether it's a data frame or not; 2) if it isn't, ignore it (it's not going to be an IP packet), and if it is, look at the frame control frame to see whether it's a 3-address or 4-address frame and if it's a QoS frame (I think that's an 802.11e feature) and: if it's a 3-address frame, set the header length to 24; if it's a 4-address frame, set the header length to 30; and if it's a QoS frame, add 2 to the length; 3) skip that number of bytes past the beginning of the frame to get to the 802.11 payload, i.e. to the 802.2 header; 4) check whether the DSAP and SSAP fields of the 802.2 header are both 0xAA (for SNAP), the control field is 0x03, the next 3 bytes after it (the SNAP OUI) are 0x00 0x00 0x00, and the next two bytes after that are 0x0800 (for IPv4) or 0x86dd (for IPv6); 5) if it's IPv4 or IPv6, skip over the 3-byte 802.2 header and the 5-byte SNAP header to get to the 802.2+SNAP payload, i.e. to the IP header. > Do libpcap have functions to directly get IP header in 802.11 frame. No - libpcap doesn't include code to dissect packets; that's left up to the application using it. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.