tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 802.11 + radio headers question...

From: Eddie Harari <eddie.harari () gmail com>
Date: Tue, 14 Apr 2009 11:54:50 -0400
so when i "sniff" a packet from my "monitor" mode intel chipset based wifi
card ,
how do i know which radio info is preceding the 802.11 header ?


On Tue, Apr 14, 2009 at 11:07 AM, Eddie Harari <eddie.harari () gmail com>wrote:


Thanks for the quick response.

Is there an RFC for 802.11 radio headers ?
all the cards give same headers ?

 thanks ,

 Eddie.



On Mon, Apr 13, 2009 at 3:42 PM, Guy Harris <guy () alum mit edu> wrote:



On Apr 12, 2009, at 12:06 AM, Eddie Harari wrote:

  802.11 headers there is data field, what it this data field ?




According to IEEE Std 802.11-2007, section 7.1.2 "General frame format",
an 802.11 frame has:

       a 2-byte frame control field;

       a 2-byte duration/ID field;

       up to 4 6-byte MAC address fields;

       a 2-byte sequence control field;

       an optional 2-byte QoS field;

       a frame body;

       a 4-byte FCS field.

I don't see any field in the 802.11 headers called "data".  Are you
referring to the frame body?

  does it begin with IP headers or something preceds the IP headers ?




For data frames, the frame body begins with an IEEE 802.2 header, possibly
followed by a SNAP header, followed by the payload for the protocol being
carried over 802.11, such as IP.

  in ethernet  environment there is a protocol field in the headers that

tells which protocol is in the body of the packet
 (ip / arp / rarp etc...) ,



Ethernet frames can either contain a protocol type field or a length
field; if it's a length field, the header is either followed by an 802.2
header possibly followed by a SNAP header or by a raw Novell IPX packet.

 is there something which is the same on 802.11

headers ?



There is no type field in an 802.11 header similar to the Ethernet type
field.  For protocols that have an Ethernet type value, for 802.11 (and
Token Ring and FDDI and some other protocols), the 802.2 header following
the 802.11 header will have source and destination SAP values of hex AA,
meaning that there's a SNAP header following the 802.2 header, and the SNAP
header will have an OUI value of hex 000000 and a protocol ID value that is
an Ethernet type (an OUI of 000000 in a SNAP header means that the protocol
ID value in the SNAP header is an Ethernet type).

See:

       IEEE Std 802.11-2007:


http://standards.ieee.org/getieee802/download/802.11-2007.pdf

       ANSI/IEEE Std 802.2, 1998 Edition:


http://standards.ieee.org/getieee802/download/802.2-1998.pdf

       IEEE Std 802-2001, section 10 (for SNAP):

               http://standards.ieee.org/getieee802/download/802-2001.pdf

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.





-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: