Ethereal-users: Re: Re: [Ethereal-users] wlan

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 25 Jun 2003 17:47:55 +0200
Antii wrote:
> > > If I make a display filter: wlan.data_rate, I get a lot of TCP packages
> > > and other stuff but none of them show in 'network analyzer'. I can see
> > > there's coming a lot of stuff in the 'capture' window.
> >
> > A display filter "wlan.data_rate" or "wlan" will make Ethereal only
> > show the frames that have that field. That means only frames that
> > have an IEEE 802.11 header.
> >
> > If you are capturing WLAN traffic on Windows, the captured frames may
> > look like Ethernet frames (no IEEE 802.11 header). That might be one
> > possible explanation.
> >
> > Try without the display filter and look at what protocols there are
> > in the packet, e.g. EthernetII/IP/TCP... or similar.
> >
> > /Martin
>
> You mean I leave the filter empty? If I leave it empty I just get TCP
> and http packages. Btw. I use rh 8.0.

If you take a closer look at the packets when not using a display filter, are there any IEEE 802.11 headers? Click on one of the http packets and look at the lower levels.

If there is an IEEE 802.11 header then a filter "wlan" should match the packet, but the "wlan.data_rate" will only match if the Wiretap encapsulation is IEEE 802.11 with radio information.

A filter "wlan.data_rate == 22" would match e.g. the following packet.


Frame 89 (330 bytes on wire, 330 bytes captured)
    Arrival Time: Jun  6, 2001 15:04:41.070231000
    Time delta from previous packet: 0.001599000 seconds
    Time relative to first packet: 1.101844000 seconds
    Frame Number: 89
    Packet Length: 330 bytes
    Capture Length: 330 bytes
    File Offset: 31842 (0x7c62)
IEEE 802.11
    Data Rate: 11 mb/s
    Channel: 11
    Signal Strength: 65%
    Type/Subtype: Data (32)
    Frame Control: 0x4208
        Version: 0
        Type: Data frame (2)
        Subtype: 0
        Flags: 0x42
            DS status: Frame is exiting DS (To DS: 0  From DS: 1) (0x02)
            .... .0.. = More Fragments: This is the last fragment
            .... 0... = Retry: Frame is not being retransmitted
            ...0 .... = PWR MGT: STA will stay up
            ..0. .... = More Data: No data buffered
            .1.. .... = WEP flag: WEP is enabled
            0... .... = Order flag: Not strictly ordered
    Duration: 218
    Destination address: 00:a0:f8:9b:b9:aa (00:a0:f8:9b:b9:aa)
    BSS Id: 00:a0:f8:8b:20:1f (00:a0:f8:8b:20:1f)
    Source address: 00:a0:c5:e2:6d:a8 (00:a0:c5:e2:6d:a8)
    Fragment number: 0
    Sequence number: 1624
    WEP parameters
        Initialization Vector: 0x00016e
        Key: 1
        WEP ICV: 0x25daa5e1 (correct)
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func = UI (0x03)
        000. 00.. = Unnumbered Information
        .... ..11 = Unnumbered frame
    Organization Code: Encapsulated Ethernet (0x000000)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.216.124.4 (192.216.124.4), Dst Addr: 192.168.0.11 (192.168.0.11)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 290
    Identification: 0xa652 (42578)
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 232
    Protocol: TCP (0x06)
    Header checksum: 0xedf2 (correct)
    Source: 192.216.124.4 (192.216.124.4)
    Destination: 192.168.0.11 (192.168.0.11)
Transmission Control Protocol
    Source port: 80 (80)
    Destination port: 1060 (1060)
    Sequence number: 1048796160
    Next sequence number: 1048796410
    Acknowledgement number: 3314817294
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 8760
    Checksum: 0xa8a4
Hypertext Transfer Protocol
    HTTP/1.1 304 Not Modified\r\n
    Date: Wed, 06 Jun 2001 17:02:13 GMT\r\n
    Server: Apache/1.3.12 (Unix) AuthMySQL/2.20 PHP/4.0.4 mod_perl/1.24_01 mod_ssl/2.6.6 OpenSSL/0.9.6\r\n
    Connection: Keep-Alive\r\n
    Keep-Alive: timeout=15, max=100\r\n
    ETag: "4e7a6-43-3b04656a"\r\n
    \r\n
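
As an added example (not part of the original message and not Ethereal's own code), the following Python decodes the Frame Control value 0x4208 from the dump above into the fields Ethereal lists, including the WEP flag. The function names are hypothetical, and the 500 kb/s unit for wlan.data_rate is an assumption that would account for the filter value 22 against the displayed 11 mb/s.

```python
# Added example: decode an IEEE 802.11 Frame Control value as shown in the dump.
# Function names are hypothetical; the sample value 0x4208 comes from the post.

# Bit masks of the flags byte (second octet on the wire), lowest bit first.
FLAG_BITS = [
    (0x01, "to_ds"),
    (0x02, "from_ds"),
    (0x04, "more_fragments"),
    (0x08, "retry"),
    (0x10, "power_mgmt"),
    (0x20, "more_data"),
    (0x40, "wep"),
    (0x80, "order"),
]
FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data"}


def decode_frame_control(fc):
    """Split a 16-bit Frame Control value (read little-endian) into its fields."""
    if not 0 <= fc <= 0xFFFF:
        raise ValueError("Frame Control must fit in 16 bits")
    low, flags = fc & 0xFF, fc >> 8      # first octet, then the flags octet
    ftype = (low >> 2) & 0x3
    subtype = (low >> 4) & 0xF
    fields = {
        "version": low & 0x3,
        "type": ftype,
        "type_name": FRAME_TYPES.get(ftype, "Reserved"),
        "subtype": subtype,
        # Combined value as printed on the "Type/Subtype: Data (32)" line.
        "type_subtype": (ftype << 4) | subtype,
        "flags": flags,
    }
    fields.update({name: bool(flags & mask) for mask, name in FLAG_BITS})
    return fields


def rate_mbps(filter_value):
    """Assumption: wlan.data_rate counts 500 kb/s units, so 22 means 11 Mb/s."""
    return filter_value * 0.5


if __name__ == "__main__":
    for key, value in decode_frame_control(0x4208).items():
        print(f"{key:15} {value}")
    print("data rate (Mb/s):", rate_mbps(22))
```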