Processing wireless frames with pcap

Question

I am working on a project that involves interacting with the data in 802.11 frames. I am using libpcap 1.0. I have written code from most of the tutorials on the website as well as online that i could find , but most are geared towards sniffing over ethernet. I am using a mac for my packet captures. Does anyone know of a resource i could use as a guide for sniffing wireless frames and extracting data. I have some experience with c/c++ but am not an expert and just need a place to start with understanding the differences involved with processing the 802.11 frames with pcap.

Thanks for any help

Answer 1

If you are using linux environment, you should use libpcap library available at http://www.tcpdump.org
and use the manual given on http://www.tcpdump.org/manpages/tcpdump.1.html.

You won't need any tutorials if you read above manual page. Still you can see a classic example to read packets from a network interface given on http://yuba.stanford.edu/~casado/pcap/section1.html

If you are working on windows, you can use Winpcap and use http://www.winpcap.org/docs/ to understand its functions.

But I will highly suggest Jnetpcap (http://jnetpcap.com) library if you know Java.

Answer 2

tcpdump Pcap tutorial Processing incorrect mac addresses from 802.11 frames with pcap has some related info on some pitfalls I encountered when processing frames by incorrectly using the pcap api's and issues caused by the radiotap headers as well. Another tutorial.

Hopefully these help.

Answer 3

I was searching for the same thing ;) then I wrote about it http://pcap-wireless.blogspot.com/2011/11/post-1.html