3

I'm trying to send and receive packets with scapy and read the RadioTap Header. The wireless adapter (and driver) is able to handle those headers, but I can't seem to get them.

Whenever I send a normal packet in scapy, is does not contain such a header (thus, sniffing packets and checking one with pkt.haslayer(RadioTap) returns 0, and I am not able to display the header like with pkt[RadioTap].show() ). If I explicitly construct my packets with a RadioTap header (like in a pkt = RadioTap() and view it, I can get a RadioTap header, but it is empty. After sending it and receiving it, I can get still nothing.

I read posts like this one. But I don't have the problem that the RadioTap header doesn't get decoded, it's simply not filled with anything.

I'm using scapy 2.3.1, if this makes any difference. Any ideas?

Doodle Dee
  • 13
  • 5
Laura W
  • 31
  • 1
  • 3
  • Can you post the output of `pkt.show()`? – Pierre Mar 08 '16 at 15:09
  • 2
    For clarification: 1/ Do we agree that radiotap _are not actual parts of the packet send in the air_, but rather meta-informations associated to the packet by the capture process? (and thus it is not really up to you to setup these, and it's not surprising you see something else when sniffing from another process or machine) and 2/ Just to be sure: do we agree that in order to get a radiotap info on the packets, you must use an interface in _monitor mode_ (as opposed to both _normal_ or _promiscuous_ mode) – jbm Mar 09 '16 at 09:33

1 Answers1

0

Please make sure that your wireless interface and the driver support monitor mode.

$ iw list
...
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor <-- here
         * P2P-client
         * P2P-GO
         * P2P-device

And your interface is configured to monitor mode with a specific channel (e.g. ch=6).

$ sudo ip link set wlan0 down
$ sudo iw dev wlan0 set type monitor
$ sudo ip link set wlan0 up
$ sudo iw dev wlan0 set channel 6

It is also good idea to try with tools like wireshark first to see if RadioTap is visible.

yananet
  • 101
  • 6