Re: [tcpdump-workers] regarding wireless data frames

[abhinav narain <abhinavnarain10 () gmail com>]

> Oh, and one more thing:
>
> Some network adapters, when running in a mode where they supply an 802.11
> header (such as monitor mode), put some padding in between the 802.11
> header and the payload, so the 802.2 LLC header in a data frame might not
> immediately follow the 802.11 header (regardless of whether the payload is
> encrypted or not).  The radiotap header includes a flag for that - it's the
> 0x20 flag bit in the Flags field:
>
>        http://www.radiotap.org/defined-fields/Flags
>
> I have two questions.
I believe, the data packets destined for my AP, will be decrypted by the
hardware itself
In any case, when I get them in userland, they should be unencrypted. right
?
If I look at tpdump code, for each data frame, I need to check
FC_WEP(fc), if only its false, I should check further.
then get the header length.
  int hdrlen  = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
   if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
   hdrlen += 2

And then, if then jump this length to check for ether type, using the llc
frame .
I hope I am not missing any detail.
As on doing the above .. i get very low frequency of arp,udp packets, but I
never get tcp packets output on my screen , even though  I am browsing.

Any comments ?

Abhinav

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe