Giter Club home page Giter Club logo

Comments (3)

melyux avatar melyux commented on September 23, 2024

Seems it's to do with pcapy not having the feature to turn on monitor mode like the original libpcap can (PcapPy seems to be the only libpcap wrapper that can actually manage this on OS X; and pypcap also works but is not thread-safe, so useless). Which is strange because pcapy should be able to use the en0 interface when it's already been put into monitor mode through some other means, but it continues to throw the pcapy.PcapError: 802.11 link-layer types supported only on 802.11 error as if en0 is not in monitor mode at all. Weird.

Could the pcap_set_rfmon() function be implemented in pcapy? I guess that would entail also implementing the pcap object since that function only works with that, and not with the so-far implemented open_live mode. PcapPy seems to have gone around this somewhat by adding the rfmon and activate arguments to its open_live implementation to mimic the open_live function while providing the full functionality of the pcap object creation method in the backend.

from pcapy.

guyharris avatar guyharris commented on September 23, 2024

If pcapy were to implement pcap_set_rfmon(), it'd also have to implement pcap_create() and pcap_activate(), as, to open in monitor mode, you have to call pcap_create() to create the pcap_t, pcap_set_rfmon() to request monitor mode (and other calls to request a particular snapshot length, etc.), and pcap_activate() to activate the pcap_t, opening the device.

(See also issue #23, which would also require pcap_create() and pcap_activate(). More and more new capabilities in libpcap will require them over time, so I'd suggest using those APIs in pcapy if they're available. A quick look at PcapPy seems to suggest that the additional arguments to open_live are keyword/value pairs, so it might be able to handle at least some future extensions.)

from pcapy.

guyharris avatar guyharris commented on September 23, 2024

Which is strange because pcapy should be able to use the en0 interface when it's already been put into monitor mode through some other means

Just because an interface is in monitor mode, that doesn't mean that all BPF devices bound to the interface are in monitor mode - I just ran tcpdump in two terminal windows, one with -I and one without -I, and the one with -I showed the usual 802.11 frames while the one without it just showed "fake Ethernet" frames.

from pcapy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.