On Dec 11, 2011, at 4:10 PM, abhinav narain wrote:
>>> It sniffs for beacons by using bpf filter and keeps a per AP record of
>>> packet count etc in a table.
>>
>> So if that's all you're doing, you presumably don't have your own buffer
>> for packets; when you say "I already have 15% RAM being eaten by the
>> program, so I can't actually increase the buffer size to save packets in
>> between select switches.", are you referring to the buffer in libpcap
>> itself, as specified by pcap_set_buffer_size()?
>>
> Yes, I haven't used the pcap_set_buffer_size(), but in open_live(), I give
> the buffersize as BUFSIZ,

There is no buffer size option in pcap_open_live(), so you *can't* give the
buffer size in a pcap_open_live() call.

>> One way to identify a beacon frame from an 802.11n-capable AP is to look
>> for the HT Capabilities Info field; see "7.3.2.56.2 HT Capabilities Info
>> field" in the 802.11 spec.
>>
> Is this information in the radiotap header
No.
> or the mac header ?
No.
It's in the management frame body. See sections 7.1, 7.2, and 7.3 of the
802.11 standard:
http://standards.ieee.org/getieee802/download/802.11-2007.pdf
and of the 802.11n standard:
http://standards.ieee.org/getieee802/download/802.11n-2009.pdf
> I looked at wireshark code which is the only tool I came across giving some
> information on N protocol, but its code is more complicated than
> pcap, tcpdump, kismet, horst I went through before.
> Is there any other tool I can see how to code it.
None that I know of.
> I am parsing till the 31st bit on radiotap header bitmap.
> Any code base where I can see how they do it ?
None of this is in the radiotap header! It's in the body of a management
frame.

This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
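
The lookup described in the reply above, as an added example that is not code from this thread or from libpcap: it skips the radiotap header, the 24-byte MAC header and the 12 bytes of fixed beacon fields, then walks the tagged elements in the management frame body until it finds HT Capabilities (element ID 45). The function names and the sample frame are constructed for illustration, and the code assumes a radiotap capture with no HT Control field in the MAC header.

```c
#include <stddef.h>
#include <stdint.h>

#define IE_HT_CAPABILITIES 45  /* element ID of the HT Capabilities element */

/* Returns 1 and stores the HT Capabilities Info field in *ht_info if pkt
 * (radiotap header + 802.11 frame) is a beacon carrying that element,
 * 0 otherwise (including truncated input). Assumes no HT Control field. */
int beacon_ht_cap_info(const uint8_t *pkt, size_t len, uint16_t *ht_info)
{
    if (len < 4) return 0;
    size_t rt_len = pkt[2] | ((size_t)pkt[3] << 8);  /* radiotap it_len, LE */
    /* Need the 24-byte MAC header plus 12 bytes of fixed beacon fields. */
    if (rt_len < 8 || rt_len > len || len - rt_len < 24 + 12)
        return 0;
    const uint8_t *mac = pkt + rt_len;
    if (mac[0] != 0x80) return 0;  /* version 0, management, subtype beacon */
    const uint8_t *ie = mac + 24 + 12;  /* tagged elements in the frame body */
    size_t left = len - rt_len - 24 - 12;
    while (left >= 2) {
        size_t ie_len = ie[1];
        if (ie_len > left - 2)
            return 0;              /* element runs past the captured bytes */
        if (ie[0] == IE_HT_CAPABILITIES && ie_len >= 2) {
            *ht_info = (uint16_t)(ie[2] | (ie[3] << 8));  /* first 2 bytes */
            return 1;
        }
        ie += 2 + ie_len;
        left -= 2 + ie_len;
    }
    return 0;
}

/* Constructed sample: radiotap(8) + MAC header(24) + fixed fields(12) +
 * SSID "test" + HT Capabilities (26 bytes; the unlisted tail is zero-filled). */
static const uint8_t sample_beacon[78] = {
    0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x00,
    0x80,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,
    0x02,0x00,0x00,0x00,0x00,0x01,0x02,0x00,0x00,0x00,0x00,0x01,0x00,0x00,
    0,0,0,0,0,0,0,0, 0x64,0x00, 0x01,0x04,
    0x00,0x04,'t','e','s','t', 0x2d,0x1a,0x6e,0x01 };

/* HT Capabilities Info from the first len bytes of the sample, or -1. */
int sample_ht_info(size_t len)
{
    uint16_t v;
    return beacon_ht_cap_info(sample_beacon, len, &v) ? (int)v : -1;
}
```

In a libpcap callback, pass the packet pointer and the header's caplen; a capture that includes a trailing FCS would need those 4 bytes excluded from the length first.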