
Version 1 (modified by smr26, 14 years ago) (diff)


Libtrace Wireless Support

Libtrace3 contains functions that allow easy access to wireless metadata attached to frames in wireless traces. For example, a trace taken from a MadWiFi-based monitor mode VAP can have Radiotap or Prism headers prepended to each IEEE 802.11 frame. These headers include per-packet information such as bitrate and signal strength. Libtrace's wireless support allows access to this information in a consistent manner, no matter what frame encapsulation is used.

Note, as of libtrace 3.0, only Radiotap encapsulation is supported.

General API

The complete wireless API can be found here. We will give a brief overview and example of its usage below.

All wireless functions are named trace_get_wireless_*, where * is the wireless metadata that you are interested in. Each of the functions returns a bool which indicates whether the requested metadata could be found in the packet. Each function takes a void pointer to the start of the metadata header (usually obtained by trace_get_link(pkt)), a linktype to indicate the type of encapsulation (usually obtained by trace_get_link_type(pkt)), and an address to store the resulting metadata.

Trace Processing Example

For example, assume we want to retrieve the signal strength in dBm for each packet in our trace:

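while (trace_read_packet(trace, pkt) > 0)
{
    int8_t signal;
    /* The call returns false when the frame carries no signal strength
     * field; signal is undefined in that case, so print only on success. */
    if (trace_get_wireless_signal_strength_dbm(trace_get_link(pkt),
            trace_get_link_type(pkt), &signal))
        printf("%i dBm\n", signal);
}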

Note that in this code we have not specified what encapsulation is used. The trace_get_wireless_* methods will skip Linux SLL headers automatically and figure out how to obtain the metadata. Note that if the packet does not contain the requested metadata, the trace_get_wireless_* functions will return false, and the value in the output parameter is undefined.
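What "metadata not found" means for a Radiotap frame, as an added sketch that is not libtrace's own code: a bounds-checked lookup of the dBm antenna signal field that fails rather than reading past a short or malformed header. The function, table and sample frame names are hypothetical, and the sample frames are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* {alignment, size} of the Radiotap fields that precede "dBm antenna
 * signal" (bit 5): TSFT, Flags, Rate, Channel, FHSS. */
static const uint8_t rt_field[5][2] = { {8, 8}, {1, 1}, {1, 1}, {2, 4}, {2, 2} };
static uint32_t le32(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* True and *dbm set only if the header is well formed and carries the
 * field; on false *dbm is untouched, so callers must check the result. */
bool radiotap_signal_dbm(const uint8_t *buf, size_t caplen, int8_t *dbm)
{
    if (caplen < 8 || buf[0] != 0) return false;      /* fixed part, version 0 */
    size_t hdrlen = buf[2] | (buf[3] << 8);           /* it_len, little endian */
    if (hdrlen < 8 || hdrlen > caplen) return false;  /* it_len is untrusted */
    uint32_t present = le32(buf + 4);
    size_t off = 8;
    /* Bit 31 chains extra present words; fields start after the last one. */
    for (uint32_t w = present; w & (1u << 31); off += 4) {
        if (off + 4 > hdrlen) return false;
        w = le32(buf + off);
    }
    if (!(present & (1u << 5))) return false;         /* no signal field */
    for (int bit = 0; bit < 5; bit++) {
        if (!(present & (1u << bit))) continue;
        size_t a = rt_field[bit][0];
        off = ((off + a - 1) & ~(a - 1)) + rt_field[bit][1];
    }
    if (off >= hdrlen) return false;                  /* field past header end */
    *dbm = (int8_t)buf[off];
    return true;
}

/* Constructed samples: Flags+Rate+Channel+Signal (-60 dBm), and no Signal. */
const uint8_t frame_ok[] = {0,0,15,0, 0x2e,0,0,0, 0x10,0x0c, 0x6c,0x09,0xa0,0, 0xc4};
const uint8_t frame_nosig[] = {0,0,14,0, 0x0e,0,0,0, 0x10,0x0c, 0x6c,0x09,0xa0,0};

int main(void)
{
    int8_t dbm;
    if (radiotap_signal_dbm(frame_ok, sizeof frame_ok, &dbm))
        printf("%i dBm\n", dbm);
    return 0;
}
```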

Capturing Traces with Wireless Metadata

As an aside, we will explain how to capture traces that include useful metadata suitable for use in Libtrace. The example given below is based on MadWiFi version 0.9.3; however, the same principles apply to other wireless drivers. The only prerequisite is that the driver be capable of prepending a supported wireless metadata format to frames. Also note that as of Libtrace 3.0, the wireless support is limited to Radiotap encapsulation. Prism AVS support is planned, although it appears that Prism support is to be deprecated in upcoming Linux kernels in favour of the more extensible Radiotap.

Setting up MadWiFi for Radiotap

Create a new Monitor mode VAP:

wlanconfig mon0 create wlandev wifi0 wlanmode mon

(where mon0 is the name of the monitor mode VAP, and wifi0 is the name of the MadWiFi base device)

Enable Radiotap encapsulation:

echo '803' > /proc/sys/net/mon0/dev_type

Capture packets using either tcpdump -w or tracesplit, e.g.

tracesplit int:mon0 pcapfile:trace.pcap

You can then open the trace trace.pcap with your libtrace application and use the trace_get_wireless_* methods to extract per-packet metadata.
