Subject: Re: 802.11 wireless and tcpdump
To: None <firstname.lastname@example.org>
From: Florian Stoehr <email@example.com>
Date: 03/10/2005 14:45:52
On Thu, 10 Mar 2005, Greg Troxel wrote:
> 802.11 drivers, and in particular ath(4) support different DLTs.
> tcpdump can list the available ones (-L) and choose one of them (-D in
> 1.6 and I think 2.0, -y in current).
> The default DLT for ath(4) is EN10MB, and 802.11 data packets are
> mapped to Ethernet format and then tapped. This mapping happens
> anyway since the packets are then passed to ether_input.
> With '-y IEEE802_11', you get the 802.11 packets. Further, you can
> put the card in monitor mode, which causes some packets that are
> normally processed in hardware to be handed to the host for
> inspection, but also prevents normal use.
> Greg Troxel <firstname.lastname@example.org>
I don't know whether this is what you want to achive, but perhaps
it can give a hint. It is how to sniff encrypted traffic and
analyze with aircrack (guess not exactly what you want), but
maybe the tcpdump line is of interest (I might be wrong):
NetBSD WEP Cracking Howto
ifconfig wi0 chan 6 (or whatever channel you want to monitor)
ifconfig wi0 ssid mywifinetworkname
ifconfig wi0 mediaopt monitor
tcpdump -s 0 -i wi0 -en -y IEEE802_11 -w myfile.pcap
perhaps comment out @ aircrack.c:
/* if( ( h80211 & 0x40 ) != 0x40 ) continue; */
Then use aircrack.
Btw, this text is not from me.