Home page logo
/

wireshark logo Wireshark mailing list archives

Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs
From: "Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco)" <emedward () cisco com>
Date: Fri, 20 Dec 2013 14:44:41 +0000

Hi Guy, Alexis,

I think, I should have mentioned this earlier.

There does exist two different headers: a 20-byte (legacy) and a 55-byte (with additional, 802.11n support)

To accommodate the 802.11n header, we would need a different dissection at dissect_peekremote(), apart from the way 
legacy header had been dealt.
May be, we can have the 'magic number' as reference from the obtained hex-dump, to choose between the two dissection 
methods.

PFA the difference in dissection that omnipeek performs on a 20-byte and a 55-byte header. 
(compare_80211n_legacy_omnipeek.png)
I believe it helps in the classification of fields to be done at dissect_peekremote().

Please let me know your further queries/comments.
Once clear, I'll go ahead to file a bug, with all these snaps & pkt captures.


Thanks and Regards,
Emburey

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]