Kismet Wireless

Kismet Forums

 

Posted by: arvindt
Subject: Debugging "PCAP radiotap converter got corrupted Radiotap header length"
Date: 16:20:09 08/04/2012

Hello dragorn,

Appreciate your help so far. I did a checkout of lorcon using:

git clone https://code.google.com/p/lorcon/

And have built the library. However, I am not sure how to use the packet crafting methods in lorcon --- the lorcon_packet.h file appears to have a method to take a raw byte stream, or convert from 802.3 or pcap, but not construct the packet myself.

Could you point me to documentation on how to craft packets with lorcon, or point me to which methods to use? Thanks a lot and appreciate your help!

> Thanks dragorn.. I'll check out lorcon.
>
> I suspect it might be some endian-ness issue with my packet formatting on MIPS.
>
> > > Hi all,
> > >
> > >
> > > I ran this program trying to send a data packet to the other computer via the mon0 interface while keeping kismet-server running in the background on mon0. It appears to see the packet each time, but thinks it's wrongly formatted, giving me the following error:
> > >
> > > "PCAP radiotap converter got corrupted Radiotap header length"
> > >
> > > It would appear I'm not formatting my raw packet correctly, but I can't see where I'm going wrong (the C code I'm using dumps out packets that appear to adhere to the radiotap and 802.11 format, which I've verified by doing a hex dump of the packets).
> > >
> > > Any ideas what the problem might be, or if there is a way to use kismet to get further insight? Should I be using the mon0 interface to send raw WiFi packets, or some other "raw" version of the interface?
> >
> > Short answer - use lorcon? It's meant to handle all of that.
> >
> > Long answer, I don't have the time to go through your radiotap header generation right now. When you write packets via a raw socket they show up to other monitoring interfaces; while kismet should handle it fine, either your header is corrupt, or so minimal that kismet is throwing it out because it doesn't make sense.
> >
> > I'd try putting it through wireshark and checking more closely, or using lorcon.
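
The endianness suspicion raised in the thread can be checked offline. The following is an added example, not code from the thread, Kismet or lorcon: it sanity-checks the fixed 8-byte radiotap header, whose length field is little-endian by specification, and shows how a native 16-bit store on a big-endian host (such as MIPS) produces a length that fails the check. The function names and the specific checks are assumptions for illustration, not Kismet's actual validation logic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rt_status { RT_OK = 0, RT_TRUNCATED, RT_BAD_VERSION, RT_BAD_LENGTH };

/* Read a 16-bit little-endian value byte by byte, so the result is the
 * same on little-endian x86 and big-endian MIPS hosts. */
static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Write a 16-bit value in little-endian order regardless of host order. */
static void wr_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }

/* Check the fixed radiotap header: version(1) pad(1) len(2, LE) present(4, LE).
 * Hypothetical helper; reports the decoded length through hdr_len if non-NULL. */
enum rt_status rt_check(const uint8_t *buf, size_t caplen, uint16_t *hdr_len)
{
    if (caplen < 8) return RT_TRUNCATED;
    if (buf[0] != 0) return RT_BAD_VERSION;          /* radiotap version is 0 */
    uint16_t len = rd_le16(buf + 2);
    if (hdr_len) *hdr_len = len;
    if (len < 8 || len > caplen) return RT_BAD_LENGTH; /* header cannot exceed the frame */
    return RT_OK;
}

/* Constructed sample: 8-byte radiotap header with no optional fields, followed
 * by 24 zero bytes standing in for an 802.11 header. With big_endian_bug set,
 * the length bytes are what a native 16-bit store of 8 yields on a BE host. */
size_t rt_build_sample(uint8_t *out, int big_endian_bug)
{
    size_t total = 8 + 24;
    for (size_t i = 0; i < total; i++) out[i] = 0;
    if (big_endian_bug) { out[2] = 0x00; out[3] = 0x08; }
    else wr_le16(out + 2, 8);
    return total;
}

int main(void)
{
    uint8_t pkt[32];
    uint16_t len = 0;
    size_t n = rt_build_sample(pkt, 0);
    enum rt_status st = rt_check(pkt, n, &len);
    printf("little-endian length: status=%d len=%u\n", (int)st, (unsigned)len);
    n = rt_build_sample(pkt, 1);
    st = rt_check(pkt, n, &len);
    printf("big-endian store:     status=%d len=%u\n", (int)st, (unsigned)len);
    return 0;
}
```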

