Anonymous - 2008-07-26

Hola,

I noticed that when running WepLab on OpenBSD, although ifconfig reports a media of 802.11, I get a link layer type of EN10MB. As a result, no packets are captured. This behavior was also confirmed on MacOSX by a friend of mine. I have attached a patch for WepLab 0.1.5 which will fix this little problem. When applied, it will produce the following output:

# ./weplab -c packets.pcap -i rum0
weplab - Wep Key Cracker Wep Key Cracker (v0.1.5).
Jose Ignacio Sanchez Martin - Topo[LB] <topolb@users.sourceforge.net>

Incompatible datalink type. Trying to correct it...
Ok corrected. Datalink set to IEEE802_11

Packet capture started! Please hit enter to get statistics.

=> Press 'q' to stop sniffing

So here it is...

diff -Nur weplab-0.1.5/capture.c weplab-0.1.5-patch/capture.c
--- weplab-0.1.5/capture.c      Thu Mar  3 22:45:37 2005
+++ weplab-0.1.5-patch/capture.c        Wed Jul 23 14:03:53 2008
@@ -114,6 +114,7 @@
        pcap_t *handle;  
        pid_t mpid;
        pcap_dumper_t *dumpfile;
+        int *list, i, dl, ret;

        capturedWeakPacketsTable=malloc(HUGE_MEM_WEAKPACKETS_SIZE);
        if (!capturedWeakPacketsTable) {
@@ -134,8 +135,45 @@
   }

        if (pcap_datalink(handle)!=DLT_IEEE802_11 && pcap_datalink(handle)!=DLT_PRISM_HEADER){
-               printf("ERROR: datalink type is not DLT_IEEE802.11 or PRISM_HEADER. Maybe you need to configure monitor mode in your wireless card\n");
-               exit(1);
+               printf("Incompatible datalink type. Trying to correct it...\n");
+
+               /* Fetch the suported datalink types for this interface. */
+               if((ret = pcap_list_datalinks(handle, &list)) < 0) {
+                       pcap_perror(handle, "pcap_list_datalinks()");
+                       pcap_close(handle);
+                       exit(1);
+               }
+
+               /* Decide what kind of datalink we need. */
+               if(global_v.prismHeaderPresent)
+                       dl = DLT_PRISM_HEADER;
+               else
+                       dl = DLT_IEEE802_11;
+
+               /* Loop through the list of available datalink types and
+                * search for the needed type. If it's there then try to
+                * set it. If not, then probably this is not a WiFi adapter!
+                */
+               for(i = 0; i < ret; i++) {
+                       if(list[i] == dl) {
+                               if((pcap_set_datalink(handle, dl)) < 0) {
+                                       pcap_perror(handle, "pcap_set_datalink()");
+                                       pcap_close(handle);
+                                       exit(1);
+                               }
+                               break;
+                       }
+               }
+
+               /* Verify everything is ok. */
+               if(pcap_datalink(handle) != dl) {
+                       printf("ERROR: datalink type is not DLT_IEEE802.11 or PRISM_HEADER. Maybe you need to configure "
+                               "monitor mode in your wireless card or maybe this interface is not a wireless card!\n");
+                       pcap_close(handle);
+                       exit(1);
+               }
+
+               printf("Ok corrected. Datalink set to %s\n", pcap_datalink_val_to_name(dl));
        }
       
        if (pcap_datalink(handle)==DLT_PRISM_HEADER){

Regards
./hk