Wireshark mailing list archives

IEEE80211 Prism header dissecting problem ..
From: "H.Jin Ko" <ymir.kr () gmail com>
Date: Thu, 20 Mar 2014 16:58:12 +0900

Hello List.

I dumped wireless packets using tcpdump (DLT_PRISM_HEADER) on Linux
(mips) and opened the capture in Wireshark (v1.10.6) on Win7.
Wireshark says its encapsulation type is "IEEE 802.11 plus Prism II
monitor mode radio header (21)" but it didn't dissect the Prism header.
The raw packet has 144 bytes of Prism header, and the WLAN frame control
starts at 0x90.
But Wireshark dissected the frame control at 0x00, without the Prism header.

Prism (Prism capture header) is already checked in Enabled Protocols.
I want to see the correctly dissected Prism header.
Is there something that I am missing?

Thanks in advance.

- H.Jin


$ file out.cap
out.cap: tcpdump capture file (big-endian) - version 2.4 (802.11 with Prism header, capture length 65535)

<snip>
Frame 24: 394 bytes on wire (3152 bits), 394 bytes captured (3152 bits)
    Encapsulation type: IEEE 802.11 plus Prism II monitor mode radio header (21)
    Arrival Time: Jan  1, 2014 09:03:51.007932000 대한민국 표준시
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1388534631.007932000 seconds
    [Time delta from previous captured frame: 0.076445000 seconds]
    [Time delta from previous displayed frame: 0.076445000 seconds]
    [Time since reference or first frame: 1.100408000 seconds]
    Frame Number: 24
    Frame Length: 394 bytes (3152 bits)
    Capture Length: 394 bytes (3152 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: prism:wlan]
IEEE 802.11 Association Request, Flags: ........
    Type/Subtype: Association Request (0x00)
    Frame Control Field: 0x0000
        .... ..00 = Version: 0
        .... 00.. = Type: Management frame (0)
        0000 .... = Subtype: 0
        Flags: 0x00
            .... ..00 = DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00)
            .... .0.. = More Fragments: This is the last fragment
            .... 0... = Retry: Frame is not being retransmitted
            ...0 .... = PWR MGT: STA will stay up
            ..0. .... = More Data: No data buffered
            .0.. .... = Protected flag: Data is not protected
            0... .... = Order flag: Not strictly ordered
    .100 0100 0000 0000 = Duration: 17408 microseconds
    Receiver address: 00:00:00:90:61:74 (00:00:00:90:61:74)
    Destination address: 00:00:00:90:61:74 (00:00:00:90:61:74)
    Transmitter address: 68:30:00:00:00:00 (68:30:00:00:00:00)
    Source address: 68:30:00:00:00:00 (68:30:00:00:00:00)
    BSS Id: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Fragment number: 0
    Sequence number: 0

.......

0000  00 00 00 44 00 00 00 90 61 74 68 30 00 00 00 00   ...D....ath0....
0010  00 00 00 00 00 00 00 00 00 01 00 44 00 00 00 04   ...........D....
0020  ff ff bc 9f 00 02 00 44 00 00 00 04 0a ed 92 a3   .......D........
0030  00 03 00 44 00 00 00 04 00 00 00 99 00 04 00 44   ...D...........D
0040  00 00 00 04 00 00 00 1f 00 00 00 00 00 00 00 00   ................
0050  00 00 00 00 00 06 00 44 00 00 00 04 00 00 00 1f   .......D........
0060  00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 44   ...............D
0070  00 00 00 04 00 00 00 0b 00 09 00 44 00 00 00 04   ...........D....
0080  00 00 00 00 00 0a 00 44 00 00 00 04 00 00 00 fa   .......D........
0090  80 00 00 00 ff ff ff ff ff ff 20 e5 2a 06 d2 73   .......... .*..s
00a0  20 e5 2a 06 d2 73 f0 52 42 90 1a 69 8b 01 00 00    .*..s.RB..i....
00b0  64 00 11 00 00 0d 4e 45 54 47 45 41 52 5f 52 36   d.....NETGEAR_R6
00c0  33 30 30 01 08 8c 12 98 24 b0 48 60 6c 05 04 01   300.....$.H`l...
00d0  02 00 00 30 14 01 00 00 0f ac 04 01 00 00 0f ac   ...0............
00e0  04 01 00 00 0f ac 02 0c 00 2d 1a ef 09 1b ff ff   .........-......
00f0  ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0100  00 00 00 00 00 3d 16 99 0f 04 00 00 00 00 00 00   .....=..........
0110  00 00 00 00 00 00 00 00 00 00 00 00 00 bf 0c b7   ................
0120  00 00 00 ea ff 00 00 ea ff 00 00 c0 05 00 97 00   ................
0130  00 00 dd 31 00 50 f2 04 10 4a 00 01 10 10 44 00   ...1.P...J....D.
0140  01 02 10 47 00 10 56 62 9f 41 f4 59 6f 3d b2 4e   ...G..Vb.A.Yo=.N
0150  40 d4 9a 47 e7 6a 10 3c 00 01 03 10 49 00 06 00   @..G.j.<....I...
0160  37 2a 00 01 20 dd 09 00 10 18 02 01 00 1c 00 00   7*.. ...........
0170  dd 18 00 50 f2 02 01 01 88 00 03 a4 00 00 27 a4   ...P..........'.
0180  00 00 42 43 bc 00 62 32 66 00                     ..BC..b2f.
</snip>
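
Added example, not part of the original post and not Wireshark's code: it decodes the first 0x92 bytes of the dump above using the linux-wlan-ng Prism layout (msgcode, msglen, 16-byte device name, then ten 12-byte items). The header words only make sense big-endian, matching the MIPS capture host; read little-endian, the first word is 0x44000000. The item names, the accepted message codes and the "did == 0 means unset" convention are assumptions of this example.

```python
import struct

# First 0x92 bytes of frame 24, copied from the hex dump in the post:
# the 144-byte Prism header plus the first two 802.11 bytes.
FRAME = bytes.fromhex(
    "00000044000000906174683000000000"
    "00000000000000000001004400000004"
    "ffffbc9f00020044000000040aed92a3"
    "00030044000000040000009900040044"
    "000000040000001f0000000000000000"
    "0000000000060044000000040000001f"
    "00000000000000000000000000080044"
    "000000040000000b0009004400000004"
    "00000000000a004400000004000000fa"
    "8000")

MSGCODES = (0x00000044, 0x00000041)  # Prism message codes accepted here
ITEMS = ("hosttime", "mactime", "channel", "rssi", "sq",
         "signal", "noise", "rate", "istx", "frmlen")  # wlan-ng item order

def detect_order(buf):
    """Return '>' or '<' for the byte order in which msgcode is recognised."""
    if len(buf) < 24:
        return None
    for order in (">", "<"):
        if struct.unpack_from(order + "I", buf, 0)[0] in MSGCODES:
            return order
    return None

def parse_prism(buf):
    """Split buf into (header dict, 802.11 payload); raise if not Prism."""
    order = detect_order(buf)
    if order is None:
        raise ValueError("msgcode not recognised in either byte order")
    msgcode, msglen, dev = struct.unpack_from(order + "II16s", buf, 0)
    if not 24 <= msglen <= len(buf):
        raise ValueError("msglen outside captured data")
    hdr = {"order": order, "msgcode": msgcode, "msglen": msglen,
           "devname": dev.rstrip(b"\0").decode("ascii", "replace")}
    for i, name in enumerate(ITEMS):
        off = 24 + 12 * i
        if off + 12 > msglen:
            break
        did, _status, _len, data = struct.unpack_from(order + "IHHI", buf, off)
        hdr[name] = data if did else None  # assumption: did == 0 means unset
    return hdr, buf[msglen:]

if __name__ == "__main__":
    header, payload = parse_prism(FRAME)
    print(header, payload.hex())
```

The decoded frmlen of 250 plus the 144-byte header equals the 394-byte frame length Wireshark reports for frame 24.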