Wireshark-users: Re: [Wireshark-users] Cannot dissect IEEE802.11 data frames
From: Vasily Postnicov <shamaz.mazum@xxxxxxxxx>
Date: Thu, 19 May 2016 16:19:29 +0300

Unfortunately, I cannot check this right now, but thanks for the advice anyway. Do you have any idea what these last two bytes might be? Maybe Wireshark has some knob that makes it read these bytes?

On May 17, 2016, at 20:26, "Guy Harris" <guy@xxxxxxxxxxxx> wrote:
On May 17, 2016, at 5:58 AM, Vasily Postnicov <shamaz.mazum@xxxxxxxxx> wrote:

> Hello! I am using Wireshark 2.0.3 from FreeBSD ports for the first time. I am not good at computer networks and am trying to analyze traffic captured over an unencrypted Wi-Fi network. It turns out that data frame dissection is wrong in my case: Wireshark can't dissect further than the LLC protocol. I attach a pcap file produced by airodump-ng.

Can you capture with radiotap headers?  That capture was made without them, but the radiotap header might give Wireshark information it needs to treat either the 00 00 or the 40 00 before the LLC header in a way that allows it to find the LLC header properly.