On Tue, 5 Jun 2001, Bill Fenner wrote:
>
> > Well, it'd be nice to at least set off_linktype and off_nl correctly
> > so that libpcap could filter when the 802.11 header is included too.
>
> Yes, the problem with 802.11 is that it is a variable length header, so it
> may change in each packet. I haven't found a way that could make it work.
> Do you have any suggestion?
I have modified tcpdump to work w/ the "monitor mode" dump from Intersil chipset
802.11 cards.
I believe it outputs into a tcpdump format set to DLT_IEEE_80211.
I didn't do anything w/ libpcap, just decoding the packets , for beacon,
associations, data etc.
It works great for no-wep stuff.. I was waiting til i got my problems fixed w/
wep before submitting a patch.
The behavior i was seeing w/ an Apple Airport AP w/ WEP turned on
was that the privacy bit was not turned on, so the data payload would be passed up
to be decoded but it
was ciphertext. I assumed that the Airport made some assumptions that since he
knew that was WEP was turned on internally,
that it didn't need to check no stinking flag. I never got around to playing w/
another AP.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
