Posted by: dragorn
Subject: Using dumpfile_pcap in a plugin
Date: 01:06:30 24/08/2010

> Debugging it, the handler is returning when it checks if(chunk->dlt != dlt). The packet I'm handing it is 802.11 and the handler is PPI, but I'm not sure how to get the packet in PPI form from the chain.

You won't get it in PPI format. You need to create a PPI header yourself, like dumpfile_pcap does.

You can attach to the existing dumpfile PPI generation using the PPI callbacks in dumpfile_pcap; look at the spectool plugin for examples.

Almost nothing generates PPI natively (AirPcap on Windows is it). Kismet generates the PPI header out of the translated headers from whatever it got.
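
What "creating a PPI header yourself" amounts to at the byte level, as an added example that is not part of the original post and is not Kismet's code: a raw 802.11 frame is prefixed with the 8-byte PPI packet header (whose dlt field names the payload type, 105 for 802.11) and one 802.11-Common field, and the result is written to a capture whose link type is DLT_PPI (192). The `radio_info` struct and `ppi_wrap` function are hypothetical names used only here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DLT_IEEE802_11 105        /* pcap link type of the wrapped frame */
#define PPI_HDR_LEN 8             /* version, flags, length, dlt */
#define PPI_FIELD_HDR_LEN 4       /* type, datalen */
#define PPI_80211_COMMON 2        /* 802.11-Common field type */
#define PPI_80211_COMMON_LEN 20

/* Hypothetical container for radio data already decoded from the capture source. */
struct radio_info {
    uint64_t tsf;
    uint16_t rate_500kbps, freq_mhz, chan_flags;
    int8_t signal_dbm, noise_dbm;
};

/* PPI is little-endian regardless of host byte order. */
static void put_le(uint8_t *p, uint64_t v, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Writes PPI header + 802.11-Common field + frame into out.
 * Returns bytes written, or 0 if out is too small. */
size_t ppi_wrap(const struct radio_info *ri, const uint8_t *frame,
                size_t frame_len, uint8_t *out, size_t out_cap) {
    const size_t hdr_len = PPI_HDR_LEN + PPI_FIELD_HDR_LEN + PPI_80211_COMMON_LEN;
    if (out_cap < hdr_len || frame_len > out_cap - hdr_len) return 0;
    memset(out, 0, hdr_len);               /* version 0, flags 0, FHSS unused */
    put_le(out + 2, hdr_len, 2);           /* pph_len: whole PPI header */
    put_le(out + 4, DLT_IEEE802_11, 4);    /* pph_dlt: type of the payload */
    uint8_t *f = out + PPI_HDR_LEN;
    put_le(f, PPI_80211_COMMON, 2);
    put_le(f + 2, PPI_80211_COMMON_LEN, 2);
    f += PPI_FIELD_HDR_LEN;
    put_le(f, ri->tsf, 8);
    put_le(f + 10, ri->rate_500kbps, 2);   /* f+8 is the 16-bit flags word, left 0 */
    put_le(f + 12, ri->freq_mhz, 2);
    put_le(f + 14, ri->chan_flags, 2);
    f[18] = (uint8_t)ri->signal_dbm;
    f[19] = (uint8_t)ri->noise_dbm;
    memcpy(out + hdr_len, frame, frame_len);
    return hdr_len + frame_len;
}
```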

