libpcap

I'm working throurgh a project with pcap and wireless. Following an example posted in response to oe of my earlier questions I am trying to extract the mac addresses from wireless frames. I have created structures for the radiotap header and a basic management frame. For some reason when it comes to trying to output the mac addresses I am printing out the wrong data. When I compare to wireshark I don't see why the radio tap data is printing out correctly but the mac addresses are not. I don't see any additional padding in the hex dump that wireshark displays when i look at the packets and

I have captured a TCP packet using libpcap, and I want to send this whole packet(without modifying it) to a specific port on another host(which has another sniffer listening to that port). Is there any way I can do this? Thanks a lot! m0skit0 You didn't specify which programming language you're using and what you've tried so far. Change the IP address field to the target IP and the TCP port field to the port you want. Don't forget to update both checksums. If what you want is TCP forwarding, the Linux kernel already does this for you . Chris Hinshaw netcat may work in this case although I

I'm having an issue where by pcap_datalink() is always returning 1 . To my understanding this is LINKTYPE_ETHERNET . But, the device I am using is a wireless card and in my case en0 . This is stopping me from putting the card into monitor mode, and stopping my WLAN filters from working. I've tried to run this on both OSX and Linux with the same results. I also run as root. Here's the part of my code that's causing the problem. For the example, assume dev is set to en0 (wireless device on Mac). #include <stdio.h> #include <pcap.h> #include <stdlib.h> int main(int argc, char *argv[]) { pcap_t

I am trying to convert hping3 to hping6. hping3 uses Pcap library to receive IPv4 packets. But I need to receive IPv6 packets. That is possible. libpcap is able to catch anything on the wire. Example using ETHERTYPE_IPV6 : static u_int16_t ether_packet(u_char *args, const struct pcap_pkthdr *pkthdr, co nst u_char *p) { struct ether_header *eptr = (struct ether_header*)p; assert(pkthdr->caplen <= pkthdr->len); assert(pkthdr->caplen >= sizeof(struct ether_header)); return eptr->ether_type; } // This is the callback. assumes ethernet frame. static void pcap_callback(u_char *args,const struct pcap

Problem Statement Calling pcap_activate() results in PCAP_ERR_RFMON_NOTSUP error, i.e. RF monitor mode is not supported. Context I'm writing small C program whose job is to listen on my laptop's wifi card in monitor mode. The laptop is running Ubuntu 12.04 LTS. I ran airmon-ng start wlan0 command after which mon0 interface appeared. Following shows output of iwconfig command after running the airmon command: $ iwconfig mon0 IEEE 802.11bgn Mode:Monitor Tx-Power=16 dBm Retry long limit:7 RTS thr:off Fragment thr:off Power Management:off eth0 no wireless extensions. lo no wireless extensions.