Date:      Wed, 3 Apr 2002 13:58:25 -0800 (PST)
From:      Doug Ambrisko <ambrisko@ambrisko.com>
To:        Sameh Ghane <sw@anthologeek.net>
Cc:        Doug Ambrisko <ambrisko@ambrisko.com>, Brooks Davis <brooks@one-eyed-alien.net>, "M. Warner Losh" <imp@village.org>, will@csociety.org, mobile@FreeBSD.ORG
Subject:   Re: bsd airtools for current, kernel patches
Message-ID:  <200204032158.g33LwPP62893@ambrisko.com>
In-Reply-To: <20020403213337.A60018@anthologeek.net>

Sameh Ghane writes:
| On Wed, Apr 03, 2002 at 09:07:53AM -0800, Doug Ambrisko wrote:
| > | > 
| > | > Why is there no generic API for accessing wireless cards ? Are they all that
| > | > much different ?
| > | 
| > | You can snoop raw frames with the Aironet cards by setting the
| > | appropriate monitor mode in ancontrol.  Most of these tools should be
| > | fairly straight forward to modify to use libpcap to get frames.
| 
| I compiled libpcap and tcpdump 7 to have 802.11b frame support, and never
| managed to get useful output.

I think you can just use the standard libpcap in FreeBSD -stable.  You
should run -stable to get the latest Aironet changes.  Then run
ancontrol -M 3, for example.

If you use dhclient to get your IP address, then kill it.  It gets very
upset when it starts seeing 802.11 frames and syslogs you to death about
it!  Also, in RFMON mode you can't transmit or receive packets to your
host.
 
| > The only caveat is that the Aironet card won't pass up WEP key information,
| > so you can't do wep crack or decrypt raw packets with the card doing the
| > work.  Only the onboard hardware/firmware can do this.  This seems to be
| > confirmed by the Linux users.  I had to do a slight patch to Ethereal/
| > tcpdump to ignore the WEP key part of the packet, and then the dissectors
| > could follow the data in the packet and follow various streams.  Hmm, I
| > wonder if I should lie and fake up the WEP part so it really looks more like
| > a real 802.11 frame?  This is useful for seeing what strange clients
| > are doing.
| 
| May I try your patch ? It could help me get helpful output from tcpdump.

Here is a change for ethereal (relative to the CVS version, but it should
work in other 802.11-aware versions):

Index: packet-ieee80211.c
===================================================================
RCS file: /cvsroot/ethereal/packet-ieee80211.c,v
retrieving revision 1.44
diff -1 -0 -u -r1.44 packet-ieee80211.c
--- packet-ieee80211.c	2001/11/28 07:11:07	1.44
+++ packet-ieee80211.c	2002/04/03 21:51:51
@@ -1446,21 +1446,20 @@
 	   * and subtract the length of the WEP CRC from pkt_len.
 	   */
 	  if (cap_len >= pkt_len)
 	    cap_len -= 4;
 	  else if ((pkt_len - cap_len) >= 1 && (pkt_len - cap_len) <= 3)
 	    cap_len -= 4 - (pkt_len - cap_len);
 	  pkt_len -= 4;
 	  if (cap_len > 0 && pkt_len > 0)
 	    call_dissector(data_handle,tvb_new_subset(tvb, hdr_len + 4, -1,tvb_reported_length_remaining(tvb,hdr_len + 4)),pinfo, tree);
 	}
-	return;
     }
 
   /*
    * Now dissect the body of a non-WEP-encrypted frame.
    */
   next_tvb = tvb_new_subset (tvb, hdr_len, -1, -1);
   switch (COOK_FRAME_TYPE (fcf))
     {
 
     case MGT_FRAME:
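Review bot: Deleting the `return;` at the end of the WEP branch makes every WEP-flagged frame fall through into the cleartext path unconditionally, and the two paths disagree about where the body starts: the branch above has just handed `data_handle` the body at `hdr_len + 4` (past the IV/key-ID bytes), while the fall-through does `next_tvb = tvb_new_subset (tvb, hdr_len, -1, -1)` and so dissects the body a second time, four bytes earlier. One of the two offsets should change depending on whether the card delivers the IV bytes or strips them. Since the fall-through also applies to captures whose bodies are genuinely still ciphertext, gate it on a preference or an "assume decrypted" flag rather than removing the return for all captures.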

and for tcpdump, again from the CVS version:
Index: print-802_11.c
===================================================================
RCS file: /tcpdump/master/tcpdump/print-802_11.c,v
retrieving revision 1.6
diff -1 -0 -u -r1.6 print-802_11.c
--- print-802_11.c	2001/09/17 21:57:53	1.6
+++ print-802_11.c	2002/04/03 21:56:08
@@ -810,21 +810,21 @@
 	case T_CTRL:
 		if (!ctrl_body_print(fc, p - HEADER_LENGTH,
 		    length + HEADER_LENGTH)) {
 			printf("[|802.11]");
 			goto out;
 		}
 		break;
 
 	case T_DATA:
 		/* There may be a problem w/ AP not having this bit set */
- 		if (FC_WEP(fc)) {
+ 		if (0 && FC_WEP(fc)) {
 			if (!wep_print(p,length)) {
 				printf("[|802.11]");
 				goto out;
 			}
 		} else {
 			if (llc_print(p, length, caplen, packetp + 10,
 			    packetp + 4, &extracted_ethertype) == 0) {
 				/*
 				 * Some kinds of LLC packet we cannot
 				 * handle intelligently
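Review bot: `if (0 && FC_WEP(fc))` disables the WEP path for every capture by dead-coding it, so a frame that is still ciphertext (any capture from a card that does not decrypt in firmware) is now handed to `llc_print` as if it were cleartext; a command-line option or at least a compile-time `#ifdef` would keep the default behaviour correct and make the intent visible. Also, `llc_print(p, length, caplen, ...)` receives the same `p` and `length` that `wep_print` would have, with no adjustment for the 4-byte IV/key-ID in front of the body or the ICV behind it, so if the driver leaves those bytes in place LLC parsing starts on the IV; check what the driver actually delivers before relying on this.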

Doug A.
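Both patches above treat a WEP-flagged frame as cleartext because the Aironet firmware has already decrypted the body. As an added example (my code, not Doug's and not from ethereal or tcpdump), here is the IV/ICV arithmetic from the ethereal hunk carried into a small C parser with an explicit "firmware decrypted" flag, so that only frames from such a source are parsed as cleartext and truncated captures are handled; the 24-byte header assumption, the constants and the build_frame sample frame are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define HDR_LEN     24      /* 3-address 802.11 data header assumed here */
#define WEP_IV_LEN   4      /* IV + key-ID byte in front of a WEP body */
#define WEP_ICV_LEN  4      /* CRC-32 ICV at the end of a WEP body */
#define FC_WEP_BIT 0x4000   /* "protected" bit of the frame-control field */

/* Body offset, captured/on-air body lengths, and whether it is still ciphertext. */
struct body { size_t off, cap_len, pkt_len; int encrypted; };

/* Locate the body of a data frame. For a WEP-flagged frame, skip the IV, drop
 * the ICV (tolerating captures truncated inside it) and mark the body as
 * ciphertext unless the capture source, like the Aironet firmware in RFMON
 * mode, already decrypted it. Returns 0, or -1 if the frame is too short. */
int locate_body(const uint8_t *frame, size_t cap_len, size_t pkt_len,
                int firmware_decrypted, struct body *out)
{
    if (cap_len < HDR_LEN || pkt_len < cap_len) return -1;
    uint16_t fc = (uint16_t)(frame[0] | (frame[1] << 8)); /* little-endian FC */
    size_t off = HDR_LEN;
    cap_len -= HDR_LEN; pkt_len -= HDR_LEN;
    out->encrypted = 0;
    if (fc & FC_WEP_BIT) {
        if (cap_len < WEP_IV_LEN || pkt_len < WEP_IV_LEN + WEP_ICV_LEN)
            return -1;
        off += WEP_IV_LEN; cap_len -= WEP_IV_LEN; pkt_len -= WEP_IV_LEN;
        if (cap_len >= pkt_len)             /* whole ICV captured */
            cap_len -= WEP_ICV_LEN;
        else if (pkt_len - cap_len <= 3)    /* capture ends inside the ICV */
            cap_len -= WEP_ICV_LEN - (pkt_len - cap_len);
        pkt_len -= WEP_ICV_LEN;
        out->encrypted = !firmware_decrypted;
    }
    out->off = off; out->cap_len = cap_len; out->pkt_len = pkt_len;
    return 0;
}

/* Constructed sample frame (not a real capture): header, optional IV,
 * LLC/SNAP carrying EtherType 0x0800, 4 payload bytes, optional ICV. */
size_t build_frame(uint8_t *buf, int wep)
{
    static const uint8_t llc[8] = { 0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x00 };
    size_t n = HDR_LEN;
    memset(buf, 0, HDR_LEN);
    buf[0] = 0x08; buf[1] = wep ? 0x40 : 0x00;   /* type = data; protected bit */
    if (wep) { memset(buf + n, 0x11, WEP_IV_LEN); n += WEP_IV_LEN; }
    memcpy(buf + n, llc, 8); n += 8;
    memset(buf + n, 0x22, 4); n += 4;
    if (wep) { memset(buf + n, 0x33, WEP_ICV_LEN); n += WEP_ICV_LEN; }
    return n;
}
```

A dissector that honours the `encrypted` flag never feeds ciphertext to the LLC/IP layers, which is what the unconditional patches give up.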
