<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<STYLE type=text/css>DIV {
MARGIN: 0px
}
</STYLE>
<META content="MSHTML 6.00.6000.16441" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=eddie_harari@yahoo.com href="mailto:eddie_harari@yahoo.com">eddie
harari</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, May 09, 2007 5:43
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] Technical 802.11
question - winpcap related</DIV>
<DIV><FONT size=2></FONT><BR></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV>Hi , </DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV> I have the folowing question trubling me and i cant seem to
find an answer for it:</DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV> I was able to inject packets to my wireless network using winpcap
llibrary and some C source code i wrote under cygwin.</DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV> my problem is that i could not change my MAC address in the packets
i send, technically speaking all i do is make a "frame format" buffer , i put
</DIV>
<DIV> the correct values in it and then i send it over the wireless
interface. </DIV>
<DIV> when i put another MAC ADDRESS insted of my real MAC address , the
packet will be ignored by the AP ( i guess ).</DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV> what i am trying to understand:</DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV> 1. the buffer i provide is basically like an ethernet frame
format. I do not try to control the 802.11 frame format. ( i dont know
how to take control over it with the current API ). Is there something
in the 802.11 frame header that will cause my </DIV>
<DIV>"crafted" packets to be ignored when i fake my mac address ?</DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV></DIV></BLOCKQUOTE>
<DIV><FONT face="Courier New" size=2>As <FONT face="Times New Roman">Steighton
already pointed out, those are fake ethernet packets that are converted into
802.11 frames by the wireless driver. It's entirely possible that
</FONT></FONT></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
size=2>1. the wireless driver silently discards them</FONT></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
size=2>2. it changes the MAC source to the MAC of your card.</FONT></DIV>
<DIV
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; FONT-SIZE: 12pt; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px; FONT-FAMILY: times new roman, new york, times, serif"><FONT
size=2></FONT> </DIV>
<DIV><FONT size=2>The only way to understand this is to sniff the air with a
real wireless sniffer, being it AirPcap or a machine running linux/bsd/macosx
and a card put in monitor mode.</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
size=2></FONT> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face="Courier New" size=2></FONT> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> 2.
anyone knows of an API that will give me control on the 802.11 frame header
?</DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV></BLOCKQUOTE>
<DIV><FONT face="Courier New" size=2>There's no such API, as WinPcap does not
have any control over how the wireless miniport drivers convert fake ethernet
frames into 802.11 frames.</FONT></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face="Courier New" size=2></FONT> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face="Courier New" size=2>Have a nice day</FONT></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face="Courier New" size=2>GV</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face="Courier New" size=2></FONT> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> thanks
, </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face="Courier New" size=2></FONT> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Eddie.</DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV><BR>
<HR SIZE=1>
Now that's room service! <A
href="http://travel.yahoo.com/hotelsearchpage;_ylc=X3oDMTFtaTIzNXVjBF9TAzk3NDA3NTg5BF9zAzI3MTk0ODEEcG9zAzIEc2VjA21haWx0YWdsaW5lBHNsawNxMS0wNw--">Choose
from over 150,000 hotels <BR>in 45,000 destinations on Yahoo! Travel</A> to
find your fit.
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>