mailing list archives
Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs
From: Guy Harris <guy () alum mit edu>
Date: Fri, 20 Dec 2013 11:21:08 -0800
On Dec 20, 2013, at 6:44 AM, "Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco)" <emedward () cisco com>
I think, I should have mentioned this earlier.
There does exist two different headers: a 20-byte (legacy) and a 55-byte (with additional, 802.11n support)
The legacy header does *not* appear to have a magic number, based on the capture file Joerg made available.
Do you have complete details on what it contains, so that we can finish the dissector for it?
To accommodate the 802.11n header, we would need a different dissection at dissect_peekremote(), apart from the way
legacy header had been dealt.
May be, we can have the ‘magic number’ as reference from the obtained hex-dump, to choose between the two dissection
We should probably:
1) make a heuristic dissector for the new header, and have it check for the magic number, so that, for the new
header, you *don't* have to use "Decode As...";
2) have the port-number-based dissector call the heuristic dissector first and:
if the heuristic dissector accepts the packet, just return;
otherwise, dissect the legacy header.
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe