struct mgmt_header_t {
u_int16_t fc; /* 2 bytes */
u_int16_t duration; /* 2 bytes */
u_int8_t da[6]; /* 6 bytes */
u_int8_t sa[6]; /* 6 bytes */
u_int8_t bssid[6]; /* 6 bytes */
u_int16_t seq_ctrl; /* 2 bytes */
};
void my_callback(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
//printf("********* New Packet Arrived *********\n");
//printf("Jacked a packet with length [%d]\n", header->len);
struct mgmt_header_t *mac_header = (struct mgmt_header_t *) (packet+24);
if (mac_header->fc > 255 )
printf("comon");
我知道 mac_header 在正确的位置,因为我从中获取 mac 地址并且它们是正确的,但问题在于 fc 它永远不会大于 255,所以左字节始终为零
更新:
我想我现在明白了,谢谢 guy 和 ott-- 供引用,这是我的完整示例 http://pcap-wireless.blogspot.com/2011/11/post-2-80211-mac-header.html
最佳答案
引用 IEEE Std 802.11-2007 的第 7.1.1 节“约定” :
In figures, all bits within fields are numbered, from 0 to k, where the length of the field is k + 1 bits. The octet boundaries within a field can be obtained by taking the bit numbers of the field modulo 8. Octets within numeric fields that are longer than a single octet are depicted in increasing order of significance, from lowest numbered bit to highest numbered bit. The octets in fields longer than a single octet are sent to the PLCP in order from the octet containing the lowest numbered bits to the octet containing the highest numbered bits.
“字段中比单个八位组长的八位组按从包含最低编号位的八位组到包含最高编号位的八位组的顺序发送到 PLCP。”意味着字段以little-endian 顺序传输,而不是big-endian 顺序。因此,值为 0x0080 的 16 位字段将作为值为 0x80 的八位字节(字节)后跟值为 0x00 的八位字节传输。
这意味着在 Wiretap 十六进制转储中,您将看到 80 00,但这意味着 0x0080,而不是 0x8000。
顺便说一句,请注意 radiotap header不保证是 24 字节长; header 包含一个(小端)长度字段,指定 header 的长度。
关于C pcap 802.11 header ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8111182/