€•bSŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ1/translations/zh_CN/networking/mac80211-injection”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ1/translations/zh_TW/networking/mac80211-injection”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ1/translations/it_IT/networking/mac80211-injection”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ1/translations/ja_JP/networking/mac80211-injection”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ1/translations/ko_KR/networking/mac80211-injection”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ1/translations/sp_SP/networking/mac80211-injection”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1h¡hhhžhhŸŒK/var/lib/git/docbuild/linux/Documentation/networking/mac80211-injection.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ)How to use packet injection with mac80211”h]”hŒ)How to use packet injection with mac80211”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ paragraph”“”)”}”(hŒ©mac80211 now allows arbitrary packets to be injected down any Monitor Mode interface from userland. The packet you inject needs to be composed in the following format::”h]”hŒ¨mac80211 now allows arbitrary packets to be injected down any Monitor Mode interface from userland. The packet you inject needs to be composed in the following format:”…””}”(hhËhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhŒ literal_block”“”)”}”(hŒ5[ radiotap header ] [ ieee80211 header ] [ payload ]”h]”hŒ5[ radiotap header ] [ ieee80211 header ] [ payload ]”…””}”hhÛsbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1hÙhŸh³h K hh¶hžhubhÊ)”}”(hŒTThe radiotap format is discussed in ./Documentation/networking/radiotap-headers.rst.”h]”hŒTThe radiotap format is discussed in ./Documentation/networking/radiotap-headers.rst.”…””}”(hhéhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhÊ)”}”(hŒËDespite many radiotap parameters being currently defined, most only make sense to appear on received packets. The following information is parsed from the radiotap headers and used to control injection:”h]”hŒËDespite many radiotap parameters being currently defined, most only make sense to appear on received packets. The following information is parsed from the radiotap headers and used to control injection:”…””}”(hh÷hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhŒ block_quote”“”)”}”(hXÕ* IEEE80211_RADIOTAP_FLAGS ========================= =========================================== IEEE80211_RADIOTAP_F_FCS FCS will be removed and recalculated IEEE80211_RADIOTAP_F_WEP frame will be encrypted if key available IEEE80211_RADIOTAP_F_FRAG frame will be fragmented if longer than the current fragmentation threshold. ========================= =========================================== * IEEE80211_RADIOTAP_TX_FLAGS ============================= ======================================== IEEE80211_RADIOTAP_F_TX_NOACK frame should be sent without waiting for an ACK even if it is a unicast frame ============================= ======================================== * IEEE80211_RADIOTAP_RATE legacy rate for the transmission (only for devices without own rate control) * IEEE80211_RADIOTAP_MCS HT rate for the transmission (only for devices without own rate control). Also some flags are parsed ============================ ======================== IEEE80211_RADIOTAP_MCS_SGI use short guard interval IEEE80211_RADIOTAP_MCS_BW_40 send in HT40 mode ============================ ======================== * IEEE80211_RADIOTAP_DATA_RETRIES number of retries when either IEEE80211_RADIOTAP_RATE or IEEE80211_RADIOTAP_MCS was used * IEEE80211_RADIOTAP_VHT VHT mcs and number of streams used in the transmission (only for devices without own rate control). Also other fields are parsed flags field IEEE80211_RADIOTAP_VHT_FLAG_SGI: use short guard interval bandwidth field * 1: send using 40MHz channel width * 4: send using 80MHz channel width * 11: send using 160MHz channel width ”h]”hŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hX¯IEEE80211_RADIOTAP_FLAGS ========================= =========================================== IEEE80211_RADIOTAP_F_FCS FCS will be removed and recalculated IEEE80211_RADIOTAP_F_WEP frame will be encrypted if key available IEEE80211_RADIOTAP_F_FRAG frame will be fragmented if longer than the current fragmentation threshold. ========================= =========================================== ”h]”(hÊ)”}”(hŒIEEE80211_RADIOTAP_FLAGS”h]”hŒIEEE80211_RADIOTAP_FLAGS”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KhjubhŒtable”“”)”}”(hhh]”hŒtgroup”“”)”}”(hhh]”(hŒcolspec”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j.hj+ubj/)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K+uh1j.hj+ubhŒtbody”“”)”}”(hhh]”(hŒrow”“”)”}”(hhh]”(hŒentry”“”)”}”(hhh]”hÊ)”}”(hŒIEEE80211_RADIOTAP_F_FCS”h]”hŒIEEE80211_RADIOTAP_F_FCS”…””}”(hjShžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KhjPubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhjKubjO)”}”(hhh]”hÊ)”}”(hŒ$FCS will be removed and recalculated”h]”hŒ$FCS will be removed and recalculated”…””}”(hjjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjgubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhjKubeh}”(h]”h ]”h"]”h$]”h&]”uh1jIhjFubjJ)”}”(hhh]”(jO)”}”(hhh]”hÊ)”}”(hŒIEEE80211_RADIOTAP_F_WEP”h]”hŒIEEE80211_RADIOTAP_F_WEP”…””}”(hjŠhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj‡ubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj„ubjO)”}”(hhh]”hÊ)”}”(hŒ(frame will be encrypted if key available”h]”hŒ(frame will be encrypted if key available”…””}”(hj¡hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjžubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj„ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jIhjFubjJ)”}”(hhh]”(jO)”}”(hhh]”hÊ)”}”(hŒIEEE80211_RADIOTAP_F_FRAG”h]”hŒIEEE80211_RADIOTAP_F_FRAG”…””}”(hjÁhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj¾ubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj»ubjO)”}”(hhh]”hÊ)”}”(hŒLframe will be fragmented if longer than the current fragmentation threshold.”h]”hŒLframe will be fragmented if longer than the current fragmentation threshold.”…””}”(hjØhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KhjÕubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj»ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jIhjFubeh}”(h]”h ]”h"]”h$]”h&]”uh1jDhj+ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j)hj&ubah}”(h]”h ]”h"]”h$]”h&]”uh1j$hjubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubj)”}”(hX9IEEE80211_RADIOTAP_TX_FLAGS ============================= ======================================== IEEE80211_RADIOTAP_F_TX_NOACK frame should be sent without waiting for an ACK even if it is a unicast frame ============================= ======================================== ”h]”(hÊ)”}”(hŒIEEE80211_RADIOTAP_TX_FLAGS”h]”hŒIEEE80211_RADIOTAP_TX_FLAGS”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj ubj%)”}”(hhh]”j*)”}”(hhh]”(j/)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j.hj ubj/)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K(uh1j.hj ubjE)”}”(hhh]”jJ)”}”(hhh]”(jO)”}”(hhh]”hÊ)”}”(hŒIEEE80211_RADIOTAP_F_TX_NOACK”h]”hŒIEEE80211_RADIOTAP_F_TX_NOACK”…””}”(hj@hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K"hj=ubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj:ubjO)”}”(hhh]”hÊ)”}”(hŒMframe should be sent without waiting for an ACK even if it is a unicast frame”h]”hŒMframe should be sent without waiting for an ACK even if it is a unicast frame”…””}”(hjWhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K"hjTubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj:ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jIhj7ubah}”(h]”h ]”h"]”h$]”h&]”uh1jDhj ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j)hjubah}”(h]”h ]”h"]”h$]”h&]”uh1j$hj ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubj)”}”(hŒfIEEE80211_RADIOTAP_RATE legacy rate for the transmission (only for devices without own rate control) ”h]”(hÊ)”}”(hŒIEEE80211_RADIOTAP_RATE”h]”hŒIEEE80211_RADIOTAP_RATE”…””}”(hjŽhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K&hjŠubhÊ)”}”(hŒLlegacy rate for the transmission (only for devices without own rate control)”h]”hŒLlegacy rate for the transmission (only for devices without own rate control)”…””}”(hjœhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K(hjŠubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubj)”}”(hXSIEEE80211_RADIOTAP_MCS HT rate for the transmission (only for devices without own rate control). Also some flags are parsed ============================ ======================== IEEE80211_RADIOTAP_MCS_SGI use short guard interval IEEE80211_RADIOTAP_MCS_BW_40 send in HT40 mode ============================ ======================== ”h]”(hÊ)”}”(hŒIEEE80211_RADIOTAP_MCS”h]”hŒIEEE80211_RADIOTAP_MCS”…””}”(hj´hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K*hj°ubhÊ)”}”(hŒdHT rate for the transmission (only for devices without own rate control). Also some flags are parsed”h]”hŒdHT rate for the transmission (only for devices without own rate control). Also some flags are parsed”…””}”(hjÂhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K,hj°ubj%)”}”(hhh]”j*)”}”(hhh]”(j/)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j.hjÓubj/)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j.hjÓubjE)”}”(hhh]”(jJ)”}”(hhh]”(jO)”}”(hhh]”hÊ)”}”(hŒIEEE80211_RADIOTAP_MCS_SGI”h]”hŒIEEE80211_RADIOTAP_MCS_SGI”…””}”(hjóhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K0hjðubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhjíubjO)”}”(hhh]”hÊ)”}”(hŒuse short guard interval”h]”hŒuse short guard interval”…””}”(hj hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K0hjubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhjíubeh}”(h]”h ]”h"]”h$]”h&]”uh1jIhjêubjJ)”}”(hhh]”(jO)”}”(hhh]”hÊ)”}”(hŒIEEE80211_RADIOTAP_MCS_BW_40”h]”hŒIEEE80211_RADIOTAP_MCS_BW_40”…””}”(hj*hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K1hj'ubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj$ubjO)”}”(hhh]”hÊ)”}”(hŒsend in HT40 mode”h]”hŒsend in HT40 mode”…””}”(hjAhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K1hj>ubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhj$ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jIhjêubeh}”(h]”h ]”h"]”h$]”h&]”uh1jDhjÓubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j)hjÐubah}”(h]”h ]”h"]”h$]”h&]”uh1j$hj°ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubj)”}”(hŒzIEEE80211_RADIOTAP_DATA_RETRIES number of retries when either IEEE80211_RADIOTAP_RATE or IEEE80211_RADIOTAP_MCS was used ”h]”(hÊ)”}”(hŒIEEE80211_RADIOTAP_DATA_RETRIES”h]”hŒIEEE80211_RADIOTAP_DATA_RETRIES”…””}”(hjxhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K4hjtubhÊ)”}”(hŒXnumber of retries when either IEEE80211_RADIOTAP_RATE or IEEE80211_RADIOTAP_MCS was used”h]”hŒXnumber of retries when either IEEE80211_RADIOTAP_RATE or IEEE80211_RADIOTAP_MCS was used”…””}”(hj†hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K6hjtubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubj)”}”(hXsIEEE80211_RADIOTAP_VHT VHT mcs and number of streams used in the transmission (only for devices without own rate control). Also other fields are parsed flags field IEEE80211_RADIOTAP_VHT_FLAG_SGI: use short guard interval bandwidth field * 1: send using 40MHz channel width * 4: send using 80MHz channel width * 11: send using 160MHz channel width ”h]”(hÊ)”}”(hŒIEEE80211_RADIOTAP_VHT”h]”hŒIEEE80211_RADIOTAP_VHT”…””}”(hjžhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K9hjšubhÊ)”}”(hŒ€VHT mcs and number of streams used in the transmission (only for devices without own rate control). Also other fields are parsed”h]”hŒ€VHT mcs and number of streams used in the transmission (only for devices without own rate control). Also other fields are parsed”…””}”(hj¬hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K;hjšubhŒdefinition_list”“”)”}”(hhh]”(hŒdefinition_list_item”“”)”}”(hŒFflags field IEEE80211_RADIOTAP_VHT_FLAG_SGI: use short guard interval ”h]”(hŒterm”“”)”}”(hŒ flags field”h]”hŒ flags field”…””}”(hjÇhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÅhŸh³h K?hjÁubhŒ definition”“”)”}”(hhh]”hÊ)”}”(hŒ9IEEE80211_RADIOTAP_VHT_FLAG_SGI: use short guard interval”h]”hŒ9IEEE80211_RADIOTAP_VHT_FLAG_SGI: use short guard interval”…””}”(hjÚhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K?hj×ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕhjÁubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¿hŸh³h K?hj¼ubjÀ)”}”(hŒ~bandwidth field * 1: send using 40MHz channel width * 4: send using 80MHz channel width * 11: send using 160MHz channel width ”h]”(jÆ)”}”(hŒbandwidth field”h]”hŒbandwidth field”…””}”(hjøhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÅhŸh³h KDhjôubjÖ)”}”(hhh]”j )”}”(hhh]”(j)”}”(hŒ!1: send using 40MHz channel width”h]”hÊ)”}”(hjh]”hŒ!1: send using 40MHz channel width”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KBhj ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubj)”}”(hŒ!4: send using 80MHz channel width”h]”hÊ)”}”(hj%h]”hŒ!4: send using 80MHz channel width”…””}”(hj'hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KChj#ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubj)”}”(hŒ$11: send using 160MHz channel width ”h]”hÊ)”}”(hŒ#11: send using 160MHz channel width”h]”hŒ#11: send using 160MHz channel width”…””}”(hj>hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KDhj:ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1j hŸh³h KBhjubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕhjôubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¿hŸh³h KDhj¼ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jºhjšubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubeh}”(h]”h ]”h"]”h$]”h&]”jXjYuh1j hŸh³h Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhŸh³h Khh¶hžhubhÊ)”}”(hŒ‡The injection code can also skip all other currently defined radiotap fields facilitating replay of captured radiotap headers directly.”h]”hŒ‡The injection code can also skip all other currently defined radiotap fields facilitating replay of captured radiotap headers directly.”…””}”(hj~hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KFhh¶hžhubhÊ)”}”(hŒCHere is an example valid radiotap header defining some parameters::”h]”hŒBHere is an example valid radiotap header defining some parameters:”…””}”(hjŒhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KIhh¶hžhubhÚ)”}”(hŒ¬0x00, 0x00, // <-- radiotap version 0x0b, 0x00, // <- radiotap header length 0x04, 0x0c, 0x00, 0x00, // <-- bitmap 0x6c, // <-- rate 0x0c, //<-- tx power 0x01 //<-- antenna”h]”hŒ¬0x00, 0x00, // <-- radiotap version 0x0b, 0x00, // <- radiotap header length 0x04, 0x0c, 0x00, 0x00, // <-- bitmap 0x6c, // <-- rate 0x0c, //<-- tx power 0x01 //<-- antenna”…””}”hjšsbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1hÙhŸh³h KKhh¶hžhubhÊ)”}”(hŒTThe ieee80211 header follows immediately afterwards, looking for example like this::”h]”hŒSThe ieee80211 header follows immediately afterwards, looking for example like this:”…””}”(hj¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KRhh¶hžhubhÚ)”}”(hŒŽ0x08, 0x01, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x10, 0x86”h]”hŒŽ0x08, 0x01, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x10, 0x86”…””}”hj¶sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1hÙhŸh³h KUhh¶hžhubhÊ)”}”(hŒ!Then lastly there is the payload.”h]”hŒ!Then lastly there is the payload.”…””}”(hjÄhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K[hh¶hžhubhÊ)”}”(hXAfter composing the packet contents, it is sent by send()-ing it to a logical mac80211 interface that is in Monitor mode. Libpcap can also be used, (which is easier than doing the work to bind the socket to the right interface), along the following lines:::”h]”hXAfter composing the packet contents, it is sent by send()-ing it to a logical mac80211 interface that is in Monitor mode. Libpcap can also be used, (which is easier than doing the work to bind the socket to the right interface), along the following lines::”…””}”(hjÒhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K]hh¶hžhubhÚ)”}”(hŒrppcap = pcap_open_live(szInterfaceName, 800, 1, 20, szErrbuf); ... r = pcap_inject(ppcap, u8aSendBuffer, nLength);”h]”hŒrppcap = pcap_open_live(szInterfaceName, 800, 1, 20, szErrbuf); ... r = pcap_inject(ppcap, u8aSendBuffer, nLength);”…””}”hjàsbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1hÙhŸh³h Kbhh¶hžhubhÊ)”}”(hŒ?You can also find a link to a complete inject application here:”h]”hŒ?You can also find a link to a complete inject application here:”…””}”(hjîhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kfhh¶hžhubhÊ)”}”(hŒEhttps://wireless.wiki.kernel.org/en/users/Documentation/packetspammer”h]”hŒ reference”“”)”}”(hjþh]”hŒEhttps://wireless.wiki.kernel.org/en/users/Documentation/packetspammer”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jþuh1jhjüubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khhh¶hžhubhÊ)”}”(hŒAndy Green ”h]”(hŒ Andy Green <”…””}”(hjhžhhŸNh Nubj)”}”(hŒandy@warmcat.com”h]”hŒandy@warmcat.com”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œmailto:andy@warmcat.com”uh1jhjubhŒ>”…””}”(hjhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kjhh¶hžhubeh}”(h]”Œ)how-to-use-packet-injection-with-mac80211”ah ]”h"]”Œ)how to use packet injection with mac80211”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”jNŒfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jbŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”j=j:sŒ nametypes”}”j=‰sh}”j:h¶sŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.