Greetings, I know this list is mostly for developers, but since there is no list for general tcpdump usage I will post my newbie question here for which I apologize. I am trying to capture only data packets from a 802.11b stream (no beacons, no control frames). Pages 50 and 51 of http://standards.ieee.org/getieee802/download/802.11-1999.pdf lead me to believe that I am looking for a packet with the first byte being 0001xxxx (in table 1 on page 51 the bit positions are listed in descending order). Hence I apply a filter 'wlan[0] & 0xF0 = 0x10' and I get nothing out. I try to capture beacons only (0000xxxx) so I do 'wlan[0] & 0xF0 = 0x0' I get nothing again. I do 'wlan[0] & 0x0F = 0x0' and I get beacons, however if I do 'wlan[0] & 0x0F = 0x1' I still don't get anything. Why this behavior? I understand somewhat the idea of endianness, however I suspect I am missing on something more trivial.
Thank you for your time Peter - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
