Wireshark · Wireshark-dev: Re: [Wireshark-dev] Does it make any sense to supply Radiotap + 802.11 headers for packets captured

Wireshark-dev: Re: [Wireshark-dev] Does it make any sense to supply Radiotap + 802.11 headers f

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 19 Apr 2016 09:31:15 -0700

On Apr 19, 2016, at 7:07 AM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:

> I want to know does this 3) option make any sense to anyone? How does Linux handle this? I want to keep the same behavior with Linux.

What Linux does for mac80211 drivers (which I think the majority of drivers are) is

	1) fake Ethernet packets when not in monitor mode

	2) 802.11 packets with radiotap headers in monitor mode.

OS X is similar, although the drivers may offer choices other than radiotap for radio metadata headers in monitor mode (and offer "raw IP" in both modes, just for the lulz).

At least at one point at least some *BSDs could provide 802.11 packets when not in monitor mode, but the way FreeBSD, at least, handles monitor mode changed at some point, and I haven't had time to look at it yet - they may only offer 802.11 packets in monitor mode now.

References:
- [Wireshark-dev] Does it make any sense to supply Radiotap + 802.11 headers for packets captured on wireless adapter for managed mode?
  - From: Yang Luo

Prev by Date: [Wireshark-dev] Build failing on SUSE 11.3
Next by Date: Re: [Wireshark-dev] Does it make any sense to supply Radiotap + 802.11 headers for packets captured on wireless adapter for managed mode?
Previous by thread: Re: [Wireshark-dev] Does it make any sense to supply Radiotap + 802.11 headers for packets captured on wireless adapter for managed mode?
Next by thread: [Wireshark-dev] Build failing on SUSE 11.3
Index(es):
- Date
- Thread