mailing list archives
Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs
From: "Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco)" <emedward () cisco com>
Date: Fri, 20 Dec 2013 14:44:41 +0000
Hi Guy, Alexis,
I think, I should have mentioned this earlier.
There does exist two different headers: a 20-byte (legacy) and a 55-byte (with additional, 802.11n support)
To accommodate the 802.11n header, we would need a different dissection at dissect_peekremote(), apart from the way
legacy header had been dealt.
May be, we can have the 'magic number' as reference from the obtained hex-dump, to choose between the two dissection
PFA the difference in dissection that omnipeek performs on a 20-byte and a 55-byte header.
I believe it helps in the classification of fields to be done at dissect_peekremote().
Please let me know your further queries/comments.
Once clear, I'll go ahead to file a bug, with all these snaps & pkt captures.
Thanks and Regards,
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe