On Wednesday, July 16, 2003, at 7:53 AM, M. Onur ERGiN wrote:
I do the following:
/***********************************
int size_MAC; //size of the mac layer header (802.11
or ethernet)
if(strcmp(dev,"eth1")==0)
size_MAC = sizeof(struct ieee_802_11_header)+2;
else size_MAC = sizeof(struct ether_header);
Don't do that.
Instead, determine the link-layer header of packets supplied on an interface by asking libpcap what it is, by calling "pcap_datalink()". If it's DLT_EN10MB, it's an Ethernet header (yes, even if you're sniffing on an 802.11 device; see Alex Medvedev's reply to your message); if it's DLT_IEEE802_11, it's an 802.11 header (which, by the way, is not always the same length!); if it's something other than either of those, it's neither an Ethernet header nor an 802.11 header.
first, I cast the complete packet to a 802.11 header.
then I cast the rest to an ip header and the rest to a
udp header.
but when I try to get the very last one (which is
supposed to be the payload) I see nothing on the
screen using printf("%s...);
If the payload isn't text, printf("%s..."); isn't going to print it correctly - especially if the first byte of payload is zero, in which case printf("%s..."); isn't going to print *anything*.
If the payload *is* text, it's still not going to work correctly unless the captured packet data has a zero byte at the end of the text, which it won't necessarily have (it won't have it for HTTP, for example), unless you've put it there.
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
