Guy Harris wrote:
> Note that this means that your filter expression "wlan[0:2] & 0xF1 !=
> 0" will be checking the first two octets of the destination MAC
> address, as that's what the first two octets of the link-layer header
> are. (Yes, you said "wlan", but "wlan" is just another name for
> "link" in that case, just as "ether" is, and "link[0:2]" - and thus
> "ether[0:2]", "wlan[0:2]", "fddi[0:2]", etc. - refers to the first two
> octets of the link-layer header, regardless of whether it's an
> Ethernet header or an 802.11 header or an FDDI header or a ppp header
> or....)
> There is no way to check the frame control field of incoming packets
> unless the incoming packets have 802.11 headers rather than Ethernet
> headers...

Argh, that is very, very sad news. That dumps all my ideas. My project
was to track the retry field and, in case of a dramatic increase, switch
over to monitor mode and see what's wrong. Maybe you see some
pattern, some events? My idea was to observe which station in the BSS
has the most trouble during transmission.
Is there really no way to track this information from the fake
Ethernet frames? I already checked the functions of iwlib, but these are
just related to the local interface.

> ...and with most Linux 802.11 drivers the *ONLY* way to get 802.11
> headers, as far as I know, is to capture in monitor mode. (The
> Atheros driver you're using might be different - it's already
> different in that
> 1) it doesn't call the device "eth0", it calls it "ath0"

Yes, this also confused me the first time. But the real target of my
project is the Broadcom chip. This means this is meant to become a
daemon on an OpenWrt AP. And now that has become more complex than I
thought, if I consider how laborious it is to put Atheros (madwifi) into
monitor mode. This is not done with a simple "iwconfig ath0 mode monitor";
no, you have to create a monitor VAP first. I hope this is not something
I need with Broadcom. I don't know how to manage this with the functions
of iwlib. I hope this will work.

> and
> 2) it appears to advertise a *second* device, the "wifi0" device,
> for capturing in monitor mode.)

This seems to be something like a virtual AP; I don't know exactly the
purpose of that interface or why it's created by default. But it's the
only interface which I can select with Wireshark without hanging.
Regards, Christian
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
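
The distinction discussed in this thread, as an added example that is not part of the original messages: what `link[0:2]` covers depends on the capture's link-layer header type, and the Retry bit can be counted per transmitter only when the capture carries 802.11 headers. The frames, MAC addresses and helper names are constructed for illustration; the DLT values are libpcap's.

```python
import struct
from collections import Counter

# Link-layer header type values defined by libpcap.
DLT_EN10MB = 1               # Ethernet, including "fake" Ethernet from a Wi-Fi driver
DLT_IEEE802_11 = 105         # bare 802.11 header
DLT_IEEE802_11_RADIO = 127   # radiotap header, then the 802.11 header
RETRY = 0x08                 # Retry bit in the second frame control octet

def link_0_2(frame):
    """Value a filter sees for link[0:2]: first two octets, network byte order."""
    return struct.unpack_from(">H", frame, 0)[0]

def dot11_header(linktype, frame):
    """Return the bytes starting at the 802.11 header, or None if there is none."""
    if linktype == DLT_IEEE802_11:
        return frame
    if linktype == DLT_IEEE802_11_RADIO and len(frame) >= 4:
        rt_len = struct.unpack_from("<H", frame, 2)[0]   # radiotap it_len
        return frame[rt_len:] if 8 <= rt_len <= len(frame) else None
    return None   # Ethernet header: the frame control field is not in the capture

def retry_counts(linktype, frames):
    """Count retransmitted data/management frames per transmitter address."""
    counts = Counter()
    for frame in frames:
        hdr = dot11_header(linktype, frame)
        if hdr is None or len(hdr) < 16:
            continue
        if (hdr[0] >> 2) & 0x3 == 1:     # control frames skipped (simplification)
            continue
        if hdr[1] & RETRY:
            counts[hdr[10:16].hex(":")] += 1   # addr2 = transmitter
    return counts

# Constructed sample frames (locally administered MACs, no real capture).
BSSID, STA_A, STA_B = (bytes.fromhex(h) for h in
                       ("020000000001", "0200000000aa", "0200000000bb"))

def data_frame(sta, retry):
    flags = 0x01 | (RETRY if retry else 0)           # To DS, optional Retry
    return bytes([0x08, flags]) + b"\x00\x00" + BSSID + sta + BSSID + b"\x00\x00"

WLAN = [data_frame(STA_A, False), data_frame(STA_A, True), data_frame(STA_A, True),
        data_frame(STA_B, True), data_frame(STA_B, False)]
RADIOTAP = [struct.pack("<BBHI", 0, 0, 8, 0) + f for f in WLAN]
ETHER = [BSSID + STA_A + b"\x08\x00" + b"\x00" * 20]

if __name__ == "__main__":
    print(hex(link_0_2(ETHER[0])), hex(link_0_2(WLAN[1])))
    for name, lt, frames in (("ether", DLT_EN10MB, ETHER), ("wlan", DLT_IEEE802_11, WLAN),
                             ("radiotap", DLT_IEEE802_11_RADIO, RADIOTAP)):
        print(name, dict(retry_counts(lt, frames)))
```

On the Ethernet sample the first two octets are the start of the destination MAC and the retry count is empty, which is the limitation described in the quoted reply.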