[Bro] 802.11 link headers?
Dan Klinedinst
dklinedinst at lbl.gov
Mon Aug 1 16:56:22 PDT 2011
All,
I dumped a bunch of packets off a wireless network to a pcap file.
tcpdump says the link-type is IEEE802_11_RADIO. If I try to run Bro
against the file, I get "unknown data link type 0x7f". I assume this
means Bro doesn't understand the link layer data, since it's not
Ethernet.
[Error is from PktSrc.cc PktSrc::SetHdrSize()]
So, is there a way to tell Bro to just ignore the link layer? Or
would it then not know where the layer 3 data starts? And if there is
not, anyone know a tool that will strip the 802.11 headers and replace
them with fake Ethernet headers so I can use Bro on the traffic??
Thanks
Dan
--
Dan Klinedinst
Lawrence Berkeley National Laboratory
510.486.4219
dklinedinst at lbl.gov
More information about the Bro
mailing list