Wireshark mailing list archives

Re: IEEE80211 Prism header dissecting problem ..
From: "H.Jin Ko" <ymir.kr () gmail com>
Date: Fri, 21 Mar 2014 11:19:21 +0900

As you say, the wlan driver wrote the Prism header in host byte order, and it
runs on a MIPS (big-endian) machine.
However, the Prism dissector treats Prism as little-endian (like radiotap).
I need to fix the driver or use a custom dissector for this case.

Thanks for the reply, Hadriel and Guy.
I really appreciate it.

- H.Jin


2014-03-21 2:50 GMT+09:00 Guy Harris <guy () alum mit edu>:

On Mar 20, 2014, at 8:37 AM, Hadriel Kaplan <hadrielk () yahoo com> wrote:

I think the Prism dissector is being called, but then it hands it to normal 802.11 instead. I don't know anything 
about Prism packets, but the wireshark code appears to expect the Prism message codes (either 0x00000044 for type 1, 
or 0x00000041 for type 2) to be in little-endian order on-the-wire, whereas your packet has it in network-order (ie, 
big-endian) on-the-wire.

Actually, they're not "on-the-wire" at all - the Prism header is radio-level-information metadata generated by and 
written to the packet buffer by the driver.

So the byte order might depend on the driver and the CPU type; he said "mips" - there are both big-endian and 
little-endian MIPS systems, so perhaps

        1) this was a big-endian MIPS system

and

        2) the drivers put the Prism header in host byte order

in which case we need to have the Prism code support both byte orders.

(Yet another reason not to like Prism headers; radiotap:

        http://www.radiotap.org

specifies little-endian byte order, so a non-buggy driver would write out the radiotap header in little-endian order 
*even when running on a big-endian machine*.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
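
The byte-order handling discussed in this thread, as an added example that is not part of the original messages and is not Wireshark's code: it guesses the Prism header's byte order from the two message codes quoted above and then reads 32-bit fields with a bounds check. The function names and sample buffers are hypothetical, and treating the second 32-bit word as a message length is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Message codes quoted in the thread (type 1 and type 2). */
#define PRISM_TYPE1_MSGCODE 0x00000044u
#define PRISM_TYPE2_MSGCODE 0x00000041u

enum prism_order { PRISM_ORDER_UNKNOWN = 0, PRISM_ORDER_LE, PRISM_ORDER_BE };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t rd_be32(const uint8_t *p) {
    return (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}
static int is_prism_msgcode(uint32_t v) {
    return v == PRISM_TYPE1_MSGCODE || v == PRISM_TYPE2_MSGCODE;
}

/* Guess the byte order from the message code in the first four bytes.
 * Neither code is a byte palindrome, so at most one order can match. */
enum prism_order prism_detect_order(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 4) return PRISM_ORDER_UNKNOWN;
    if (is_prism_msgcode(rd_le32(buf))) return PRISM_ORDER_LE;
    if (is_prism_msgcode(rd_be32(buf))) return PRISM_ORDER_BE;
    return PRISM_ORDER_UNKNOWN;
}

/* Read a 32-bit field at off in the detected order; -1 if the order is
 * unknown or the field would run past the captured bytes. */
int prism_read_u32(const uint8_t *buf, size_t len, size_t off,
                   enum prism_order order, uint32_t *out) {
    if (order == PRISM_ORDER_UNKNOWN || off > len || len - off < 4) return -1;
    *out = (order == PRISM_ORDER_LE) ? rd_le32(buf + off) : rd_be32(buf + off);
    return 0;
}

/* Constructed samples: message code, then a second word assumed to be a length. */
static const uint8_t sample_be[8] = {0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x90};
static const uint8_t sample_le[8] = {0x44, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00};

int main(void) {
    uint32_t v = 0;
    enum prism_order o = prism_detect_order(sample_be, sizeof sample_be);
    if (prism_read_u32(sample_be, sizeof sample_be, 4, o, &v) == 0)
        printf("order=%d second word=%u\n", (int)o, (unsigned)v);
    return 0;
}
```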