Hello, thank you for your help.
I changed my capture-routine this way:
void packet_default(u_char *args, const struct pcap_pkthdr *header, const
u_char *packet)
{
char insertvalues[256];
memset (insertvalues, 0x0, 256 );
//struct ieee_802_11_header *wptr; //net/802_11.h
struct ether_header *ethprt;
if( ( ethprt = calloc(1, sizeof(struct ieee_802_11_header)) ) == NULL )
{
perror ("Error while allocating the 802_11-Struktur\n");
exit(EXIT_FAILURE);
}
ethprt = (struct ether_header *) packet;
snprintf(insertvalues,255, "default-s: %s",ether_ntoa((struct
ether_addr*)(ethprt->ether_shost)));
printf("%s\n", insertvalues);
snprintf(insertvalues,255, "default-s: %s",ether_ntoa((struct
ether_addr*)(ethprt->ether_dhost)));
printf("%s\n", insertvalues);
printf ("Habe Default-Packet empfangen!\n");
//mytraffic->num_frames++;
}
But the MAC-Adresses are still not usable. I mean the first four fields accords
to the actual MAC-Adress, but the last two fields are anything nonsence.
A yes, I want to note, that I use Linux not BSD.
Gruss Christian
-------- Original-Nachricht --------
> Datum: Thu, 14 Feb 2008 10:51:25 -0800
> Von: Guy Harris <[EMAIL PROTECTED]>
> An: [email protected]
> Betreff: Re: [tcpdump-workers] problem while examinate 802.11-packets
> Christian Stalp wrote:
>
> > And now the first weired thing: if I check my interface for ethernet
> > it passes, if I check for wlan it fails!
>
> I infer from the name "ath0" that this is *BSD.
>
> If so, then all 802.11 devices default to providing Ethernet headers,
> for compatibility with applications that don't know about 802.11. You
> have to explicitly ask it for 802.11 headers; use pcap_list_datalinks()
> to get a list of all the link-layer types the device supports and, if
> that list includes DLT_IEEE80211, use pcap_set_datalink() to set the
> link-layer type to that value.
>
> > wptr = (struct ieee_802_11_header *) packet;
>
> That won't work unless you set the link-layer type to DLT_IEEE80211.
>
> Note also that, on at least some Atheros devices, there's an additional
> problem - if you ask them to supply 802.11 headers, they stick in some
> extra padding between the 802.11 header and the frame body. To handle
> that, you need to request the radiotap header, if available -
> DLT_IEEE80211_RADIO - and parse the radiotap header to see if the
> padding is included.
>
> > I also tried this with casting to ethernet-frames but came out with
> > the same result.
>
> I.e., you cast the packet pointer to a pointer to a structure such as
>
> struct ether_header {
> __u8 dst[6];
> __u8 src[6];
> _u16 type_len;
> };
>
> and "dst" and "src" aren't correct MAC addreses?
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
--
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
