tech-net: captured 802.11 packets

Subject: captured 802.11 packets
To: None <tech-net@netbsd.org>
From: David Young <dyoung@ojctech.com>
List: tech-net
Date: 09/09/2002 18:34:57
Witness 802.11 Data & Mgmt packets captured from wi(4) using tcpdump.
wi0 is running in hostap mode.  Patch for libpcap/tcpdump/wi coming soon.

> tcpdump -ne -D IEEE802_11 -i wi0

tcpdump: data link type DLT_IEEE802_11
tcpdump: listening on wi0
17:04:24.290579 BSSID:0:6:25:a7:1e:3a DA:0:30:65:15:46:38 SA:0:6:25:a7:1e:3a Disassociation: Disassociated due to inactivity
17:04:25.493409 BSSID:0:6:25:a7:1e:3a DA:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 Authentication (Open System)-1: Succesful
17:04:25.494136 BSSID:0:6:25:a7:1e:3a DA:0:30:65:15:46:38 SA:0:6:25:a7:1e:3a Authentication (Open System)-2: 
17:04:25.496047 BSSID:0:6:25:a7:1e:3a DA:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 Assoc Request (ojc) [1.0 2.0 5.5 11.0 Mbit]
17:04:25.496689 BSSID:0:6:25:a7:1e:3a DA:0:30:65:15:46:38 SA:0:6:25:a7:1e:3a Assoc Response AID(221) : PRIVACY : Succesful
17:04:28.305037 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff 0.0.0.0.68 > 255.255.255.255.67:  xid:0x2d12dcfa ether 0:30:65:15:46:38 [|bootp]
17:04:28.305592 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 0.0.0.0.68 > 255.255.255.255.67:  xid:0x2d12dcfa ether 0:30:65:15:46:38 [|bootp]
17:04:28.314034 DA:0:30:65:15:46:38 BSSID:0:6:25:a7:1e:3a SA:0:6:25:a7:1e:3a 192.168.1.1.67 > 192.168.1.110.68:  xid:0x2d12dcfa Y:192.168.1.110 S:192.168.1.1 ether 0:30:65:15:46:38 [|bootp] [tos 0x10] 
17:04:28.321262 DA:0:30:65:15:46:38 BSSID:0:6:25:a7:1e:3a SA:0:6:25:a7:1e:3a 192.168.1.1.67 > 192.168.1.110.68:  xid:0x2d12dcfa Y:192.168.1.110 S:192.168.1.1 ether 0:30:65:15:46:38 [|bootp] [tos 0x10] 
17:04:30.317250 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff arp who-has 192.168.1.110 tell 0.0.0.0
17:04:30.317556 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 arp who-has 192.168.1.110 tell 0.0.0.0
17:04:31.317504 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff arp who-has 192.168.1.110 tell 0.0.0.0
17:04:31.317802 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 arp who-has 192.168.1.110 tell 0.0.0.0
17:04:32.317880 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff arp who-has 192.168.1.110 tell 0.0.0.0
17:04:32.318181 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 arp who-has 192.168.1.110 tell 0.0.0.0
17:04:33.318238 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff arp who-has 192.168.1.110 tell 192.168.1.110
17:04:33.318531 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 arp who-has 192.168.1.110 tell 192.168.1.110
17:04:34.320426 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff arp who-has 192.168.1.110 tell 192.168.1.110
17:04:34.320806 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 arp who-has 192.168.1.110 tell 192.168.1.110
17:04:34.321364 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff arp who-has 192.168.1.110 tell 192.168.1.110
17:04:34.321668 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 arp who-has 192.168.1.110 tell 192.168.1.110
17:05:39.431930 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff arp who-has 192.168.1.1 tell 192.168.1.110
17:05:39.432260 DA:ff:ff:ff:ff:ff:ff BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 arp who-has 192.168.1.1 tell 192.168.1.110
17:05:39.432851 DA:0:30:65:15:46:38 BSSID:0:6:25:a7:1e:3a SA:0:6:25:a7:1e:3a arp reply 192.168.1.1 is-at 0:6:25:a7:1e:3a
17:05:39.434984 BSSID:0:6:25:a7:1e:3a SA:0:30:65:15:46:38 DA:0:6:25:a7:1e:3a 192.168.1.102.123 > 17.254.0.31.123:  v4 client strat 0 poll 12 prec -18

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Engineering from the Right Brain
                        Urbana, IL * (217) 278-3933