BPF筛选器字符串在路由器上不起作用

Question

I am using a filter string to catch only the probe-request frames from my wifi router working in monitor/Promisc mode .

the same string ie "type mgt subtype probe-req" is working when i am running my code on a laptop but on my linksys WRT54g its giving error that

cannot pcap_compile() function is not working.

To be more explanatory, I am using OpenWRT White Russian 0.9 firmware on my router and its equivalent SDK to build package for it. The program uses Libpcap library to capture raw packets from the network.

So I want to know that is there any change in the string format while working on embedded devices like a router. If yes can you suggest me where I can find the documentation for it. If no that what's wrong I am doing.

Answer 1

The filter strings that are allowed depend on:

• the version of libpcap/WinPcap in use;
• the link-layer header type being captured on the device.

That particular filter would be allowed if libpcap 1.0 or later is being used and if the adapter is supplying packets with 802.11 headers. Note that, on most OSes, an 802.11 adapter will supply packets with 802.11 headers only if the adapter is running in monitor mode; otherwise, it'll supply packets with Ethernet headers, and will only supply data frames, not management or control frames.

The program uses Libpcap library to capture raw packets from the network.

Whatever the program is, it should be doing a better job of reporting errors from pcap_compile() . It should include, in the error message, the text returned by pcap_geterr() when pcap_geterr() is handed the pcap_t * that you passed to pcap_compile() ; that way, you will know more information about why the error occurred, and therefore will know more information about what you need to do to fix it.