Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cannot dissect IEEE802.11 data frames

From: Vasily Postnicov <shamaz.mazum () gmail com>
Date: Sat, 21 May 2016 13:25:49 +0300
Thanks again for the tip. I was able to capture some frames with radiotap
headers, which wireshark properly dissected.
20 мая 2016 г. 22:20 пользователь "Guy Harris" <guy () alum mit edu> написал:


On May 19, 2016, at 6:19 AM, Vasily Postnicov <shamaz.mazum () gmail com>
wrote:


Unfortunately, I cannot check this right now, but thanks for advice

anyway. Do you have any ideas, what these last two bytes might be?

The 00 00 could be "Atheros padding" - some Atheros adapters, when
providing raw 802.11 frames, "helpfully" add some padding between the
802.11 header and 802.11 payload, presumably to put the payload on some
nice boundary in memory.

The radiotap header has a flag that allows the driver to say "this frame
has Atheros padding", and, if that's set, Wireshark recognizes and ignores
the padding.  With no radiotap header, there's no way to indicate the
presence of the padding.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: