eapol packets from 802.11 capture are not written properly to pcap file

[Joseph Beshay]

Hi,

First of all, thanks for such a well-written library!

I am trying to use the library to capture a number of eapol authentication packets on an 802.11 network and save them to a pcap file.

I have set the filter in the sniffer to: ether proto 0x888e and I use a packet writer with DataLinkType<RadioTap> to write all the packets that end up in the callback function. Unfortunately, the pcap doesn't have valid eapol packets. It has the right number of packets but they are interpreted as FC (Fiber Channel?) packets rather than eapol.

The same filter works fine in tcpdump. I am guessing the packet writer is adding unnecessary headers that are messing up the pcap file. Any ideas where the problem could be?

Thanks,
Joseph

[Matias Fontanini]

Could you attach a tcpdump capture from that interface using that filter and the code you're using in the callback function?

Thanks!

[Matias Fontanini]

This is fixed, a flag was not being set when serializing EAPOL over LLC+SNAP. Thanks for the bug report!

[Joseph D. Beshay]

Excellent. I will pull the updates later today and try it out.

Thank you!

--
You received this message because you are subscribed to a topic in the Google Groups "libtins" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/libtins/9VcokvSFoww/unsubscribe.
To unsubscribe from this group and all its topics, send an email to libtins+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.