我正在尝试在我的 Mac 上以监控模式捕获数据包以解决研究问题。从这些数据包中,我需要一些特殊信息,例如 rssi。不幸的是,链接类型显示 DLT_IEEE802_11_RADIO,但我实际上期望 DLT_PRISM_HEADER,因为应该打开监控模式。这是一个问题,因为 radiotap 标头不提供任何 RSSI 值或我需要的其他内容。
这是我的代码(我省略了回调方法等):
int main(int argc, char *argv[])
{
pcap_t *handle; /* Session handle */
char *dev; /* The device to sniff on */
char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
struct pcap_pkthdr header; /* The header that pcap gives us */
const u_char *packet; /* The actual packet */
struct ether_header *ether; /* net/ethernet.h */
/* Define the device */
dev = pcap_lookupdev(errbuf);
if(dev == NULL) {
printf("Couldn't find default device: %s\n", errbuf);
exit(EXIT_FAILURE);
}
printf("Device: %s\n", dev);
//handle = pcap_open_live(dev, 1562, 1, 500, errbuf);
handle = pcap_create(dev, errbuf);
if(handle == NULL) {
printf("pcap_create failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* set monitor mode on */
if(pcap_set_rfmon(handle, 1) != 0) {
printf("monitor mode not available\n");
exit(EXIT_FAILURE);
}
pcap_set_snaplen(handle, 2048); // Set the snapshot length to 2048
pcap_set_promisc(handle, 1); // Turn promiscuous mode on
pcap_set_timeout(handle, 512); // Set the timeout to 512 milliseconds
int status = pcap_activate(handle);
if(status != 0) {
printf("activation failed: %d\n", status);
}
printf("link-type: %s\n", pcap_datalink_val_to_name(pcap_datalink(handle)));
int loop = pcap_loop(handle, 1, process_packet, NULL);
if(loop != 0) {
printf("loop terminated before exhaustion: %d\n", loop);
}
/* And close the session */
pcap_close(handle);
return(0);
}
那么有人知道,为什么我收到的是radiotap而不是棱镜,我应该怎么做?我再次在 OSX 下编码。