Adapting Arpsniff to 802.11

To adapt Arpsniff to capture information from a wireless packet-capture source, we need to make a few changes to the application logic. We assume the wireless device used in this example supports the AVS wireless capture format.

First, we need to specify the sizes of the additional headers captured:

/* ugly shortcuts - Defining our header types */
#define ETH_HEADER_SIZE 14
#define AVS_HEADER_SIZE 64                 /* AVS capture header size */
#define DATA_80211_FRAME_SIZE 24           /* header for 802.11 data packet */
#define LLC_HEADER_SIZE 8                  /* LLC frame for encapsulation */

We specify these additional header sizes because an ARP packet captured from a wireless source carries extra headers as a result of RFC 1042 IP encapsulation, as shown in Figure 10-4.

Figure 10-4. ARP packet format on 802.11 from an AVS capture source

To determine the type of packet embedded in the 802.11 packet, we need to have a definition for the LLC header so that we can extract the ether_type value:

/* SNAP LLC header format */
struct snap_header           
{
  u_int8_t dsap; 
  u_int8_t ssap;
  u_int8_t ctl;
  u_int16_t org; 
  u_int8_t org2;
  u_int16_t ether_type;          /* ethernet type */              
} __attribute__ ((__packed__));

Now we can alter the process_packet function to work with a captured 802.11 packet from an AVS wireless source:

/* callback function to process a packet when captured */
void process_packet ...
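The offset arithmetic these header sizes imply, as an added example (not the book's process_packet): it checks the captured length before reading the SNAP header and reports where the ARP payload starts. The names snap_ether_type, arp_payload_offset and sample_frame, and the constructed sample frame, are assumptions for illustration; the fixed 64-, 24- and 8-byte sizes are the ones defined above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header sizes as defined on the page (fixed sizes are the page's assumption). */
#define AVS_HEADER_SIZE 64
#define DATA_80211_FRAME_SIZE 24
#define LLC_HEADER_SIZE 8
#define LLC_OFFSET (AVS_HEADER_SIZE + DATA_80211_FRAME_SIZE)
#define ARP_OFFSET (LLC_OFFSET + LLC_HEADER_SIZE)
#define ARP_ETHER_TYPE 0x0806          /* EtherType for ARP */
#define SAMPLE_LEN (ARP_OFFSET + 28)   /* 28 = ARP body for IPv4 over Ethernet */

/* EtherType from the SNAP header (host order), or -1 if the capture is too
   short or the LLC header is not SNAP (DSAP/SSAP 0xAA, control 0x03). */
int snap_ether_type(const unsigned char *pkt, size_t caplen)
{
    const unsigned char *llc;
    if (pkt == NULL || caplen < ARP_OFFSET)   /* never read past the capture */
        return -1;
    llc = pkt + LLC_OFFSET;
    if (llc[0] != 0xAA || llc[1] != 0xAA || llc[2] != 0x03)
        return -1;
    return (llc[6] << 8) | llc[7];            /* big-endian on the wire */
}

/* Offset of the ARP payload within the capture, or -1 if the frame is not ARP. */
long arp_payload_offset(const unsigned char *pkt, size_t caplen)
{
    return snap_ether_type(pkt, caplen) == ARP_ETHER_TYPE ? (long)ARP_OFFSET : -1;
}

/* Constructed sample frame (hypothetical helper): zeroed headers plus SNAP. */
const unsigned char *sample_frame(uint16_t ether_type)
{
    static unsigned char buf[SAMPLE_LEN];
    memset(buf, 0, sizeof buf);
    buf[LLC_OFFSET] = buf[LLC_OFFSET + 1] = 0xAA;
    buf[LLC_OFFSET + 2] = 0x03;
    buf[LLC_OFFSET + 6] = (unsigned char)(ether_type >> 8);
    buf[LLC_OFFSET + 7] = (unsigned char)(ether_type & 0xFF);
    return buf;
}

int main(void)
{
    printf("ARP frame:  %ld\n", arp_payload_offset(sample_frame(ARP_ETHER_TYPE), SAMPLE_LEN));
    printf("IPv4 frame: %ld\n", arp_payload_offset(sample_frame(0x0800), SAMPLE_LEN));
    return 0;
}
```

A capture callback would pass its packet pointer and captured length to arp_payload_offset and go on to the ARP fields only when the result is not -1.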
