Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs

[Alexis La Goutte <alexis.lagoutte () gmail com>]

Hi,

It is possible to create a bug in bugtracker and attach pcap samples (and
the screen in OmniPeek) ?


On Fri, Dec 20, 2013 at 3:44 PM, Emburey Samrex Edward -X (emedward - EMBED
UR SYSTEMS at Cisco) <emedward () cisco com> wrote:

>  Hi Guy, Alexis,
>
>
>
> I think, I should have mentioned this earlier.
>
>
>
> There does exist two different headers: a 20-byte (legacy) and a 55-byte
> (with additional, 802.11n support)
>
>
>
> To accommodate the 802.11n header, we would need a different dissection at
> dissect_peekremote(), apart from the way legacy header had been dealt.
>
> May be, we can have the ‘magic number’ as reference from the obtained
> hex-dump, to choose between the two dissection methods.
>
>
>
> PFA the difference in dissection that omnipeek performs on a 20-byte and a
> 55-byte header. (compare_80211n_legacy_omnipeek.png)
>
> I believe it helps in the classification of fields to be done at
> dissect_peekremote().
>
>
>
> Please let me know your further queries/comments.
>
> Once clear, I’ll go ahead to file a bug, with all these snaps & pkt
> captures.
>
>
>
>
>
> Thanks and Regards,
>
> Emburey
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe