Question : Capturing a packet

Hi All,

I have written a small program using pcap library to capture packets through my WLAN interface i.e through eth1. This I am doing after connecting to the access network using my cisco card i.e after getting an IP address from the Access Point.

My question is can I able to capture packets using the same interface ie. eth1 but before getting an IP address from AP.

please let me know,

Aman.

Answer : Capturing a packet

Sure...

libpcap (winpcap too) puts the interface into promiscuous mode (assuming you have privledges - root - to do so).

In promiscuous mode, the layer 2 (Ethernet frame) capture logic grabs ALL frames, not just those addressed to the NIC (which would be those with the MAC address of the NIC + Broadcast). libpcap reads this buffer and so you have access to the entire packet stream.

You said "AP" - this leads me to guess you are talking about 802.11a/b/g. This is a little more complex. If WEP/WPA is turned on you may only get the layer 1, radio frame, because you won't have the decryption key.

The best bet (if you can) would be to look at some of the GPLed wireless sniffers for some code ideas.

-----Burton

Random Solutions

Setting up my own PC2Phone

Linksys Router and Westell Modem

Does Vista have a built in DHCP server?

serve dynamic content from weblogic

weblogic deploy using ant?

AT&T ruined my network settings, anything I can do to fix it?

how to migrate web application running in weblogic 7 into 10

Password Recovery on a D-Link DGS-3324SRi

Differnce between IEEE802.5 and IEEE 802.3?

Need Help Interpreting an E-Mail Message/Log