Wireshark-users: Re: [Wireshark-users] Cannot dissect IEEE802.11 data frames
From: Vasily Postnicov <shamaz.mazum@xxxxxxxxx>
Date: Sat, 21 May 2016 13:25:49 +0300

Thanks again for the tip. I was able to capture some frames with radiotap headers, which Wireshark properly dissected.

On 20 May 2016 at 22:20, "Guy Harris" <guy@xxxxxxxxxxxx> wrote:
On May 19, 2016, at 6:19 AM, Vasily Postnicov <shamaz.mazum@xxxxxxxxx> wrote:

> Unfortunately, I cannot check this right now, but thanks for the advice anyway. Do you have any ideas what these last two bytes might be?

The 00 00 could be "Atheros padding" - some Atheros adapters, when providing raw 802.11 frames, "helpfully" add some padding between the 802.11 header and 802.11 payload, presumably to put the payload on some nice boundary in memory.

The radiotap header has a flag that allows the driver to say "this frame has Atheros padding", and, if that's set, Wireshark recognizes and ignores the padding.  With no radiotap header, there's no way to indicate the presence of the padding.
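The padding flag described in the quoted reply, as an added example that is not part of the original messages and is not Wireshark's code: it reads the radiotap Flags field and shows where the 802.11 payload starts for a padded QoS data frame with the flag set and with it unset. It assumes the radiotap layout (Flags is present-bit 1, value 0x20 marks the padding) and that the padding rounds the 802.11 header up to a multiple of 4 bytes; the function names and the sample frame are constructed for illustration.

```python
import struct

PRESENT_TSFT, PRESENT_FLAGS, PRESENT_EXT = 1 << 0, 1 << 1, 1 << 31
F_DATAPAD = 0x20  # radiotap Flags bit: pad between 802.11 header and payload

def radiotap_flags(pkt):
    """Return (radiotap header length, Flags byte or None if absent)."""
    version, _, length, present = struct.unpack_from("<BBHI", pkt, 0)
    if version != 0 or length > len(pkt):
        raise ValueError("not a valid radiotap header")
    off, word = 8, present
    while word & PRESENT_EXT:            # skip extended "present" words
        (word,) = struct.unpack_from("<I", pkt, off)
        off += 4
    if not (present & PRESENT_FLAGS):
        return length, None
    if present & PRESENT_TSFT:           # TSFT precedes Flags: u64, 8-aligned
        off = ((off + 7) & ~7) + 8
    if off >= length:
        raise ValueError("Flags field lies outside the radiotap header")
    return length, pkt[off]

def data_header_len(fc):
    """MAC header length of an 802.11 data frame (HT Control not handled)."""
    if ((fc >> 2) & 0x3) != 2:
        raise ValueError("only data frames are handled")
    hdr = 24 + (6 if (fc & 0x0300) == 0x0300 else 0)  # Address 4: ToDS+FromDS
    if (fc >> 4) & 0x8:                  # QoS data subtype: QoS Control
        hdr += 2
    return hdr

def payload_offset(pkt):
    """Offset of the 802.11 payload, honouring the data-pad flag."""
    rt_len, flags = radiotap_flags(pkt)
    hdr = data_header_len(struct.unpack_from("<H", pkt, rt_len)[0])
    if flags is not None and flags & F_DATAPAD:
        hdr = (hdr + 3) & ~3             # header rounded up to 4 bytes
    return rt_len + hdr

def sample(flags, padded):
    """Constructed frame: radiotap (Flags only) + QoS data header + LLC."""
    rt = struct.pack("<BBHIB", 0, 0, 9, PRESENT_FLAGS, flags)
    mac = struct.pack("<HH", 0x0188, 0) + bytes(18) + bytes(4)  # 26 bytes
    return rt + mac + (b"\x00\x00" if padded else b"") + b"\xaa\xaa\x03"

if __name__ == "__main__":
    for flags in (F_DATAPAD, 0):         # same padded frame, flag set vs. unset
        pkt = sample(flags, padded=True)
        print(hex(flags), pkt[payload_offset(pkt):].hex())
```

With the flag set, the payload starts at the LLC header (`aa aa 03`); with the same padded frame and the flag clear, the computed payload begins with the two `00 00` pad bytes.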