[Bro] 802.11 link headers?

Dan Klinedinst dklinedinst at lbl.gov
Mon Aug 1 16:56:22 PDT 2011


All,
I dumped a bunch of packets off a wireless network to a pcap file.
tcpdump says the link-type is IEEE802_11_RADIO.  If I try to run Bro
against the file, I get "unknown data link type 0x7f".  I assume this
means Bro doesn't understand the link layer data, since it's not
Ethernet.

[Error is from PktSrc.cc PktSrc::SetHdrSize()]

So, is there a way to tell Bro to just ignore the link layer?  Or
would it then not know where the layer 3 data starts?  And if there is
not, anyone know a tool that will strip the 802.11 headers and replace
them with fake Ethernet headers so I can use Bro on the traffic??

Thanks
Dan

-- 
Dan Klinedinst
Lawrence Berkeley National Laboratory
510.486.4219
dklinedinst at lbl.gov



More information about the Bro mailing list