Re: Does it make any sense to supply Radiotap + 802.11 headers for packets captured on wireless adapter for managed mode?

[Yang Luo <hsluoyb () gmail com>]

Someone told me that:

   - could you please automatically provide Ethernet pseudo-headers rather
   than Radiotap etc. when the WLAN NIC is switched to "managed" (STA) mode?
   The point is that Wireshark doesn't dissect frames whose 802.11 header
   indicates some Data subtypes (probably encrypted ones) although the actual
   payload has been decrypted by the NIC. So you can see the plaintext
   contents in the hex dump but the dissection says just "Data".


So it seems that Wireshark doesn't quite support option 3)?

On Tue, Apr 19, 2016 at 10:07 PM, Yang Luo <hsluoyb () gmail com> wrote:

> Hi list,
>
> There is an opinion that packet capture library should provide:
> 1) fake Ethernet packets on managed mode
> 2) 802.11 packets on monitor mode.
>
> And Npcap currently can supply Radiotap + 802.11 headers for packets
> captured on wireless adapter for managed mode. Whether supplying 802.11 or
> not is controlled by installing normal version or -wifi version Npcap. It's
> not linked with the current operation mode for now.
>
> So Npcap can provide the third option:
> 3) 802.11 packets on managed mode (only 802.11 data packets)
>
> I want to know does this 3) option make any sense to anyone? How does
> Linux handle this? I want to keep the same behavior with Linux.
>
> If 3) is useless, then I will remove it
>
>
> Cheers,
> Yang
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe