[Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-02 Thread Stig Bjørlykke
Hi. I have some questions about the ieee 802.11 dissector (and the wlancap dissector). I am capturing on Mac OS 10.4.9 with the latest wireshark svn on the wireless device wlt1. 1. When connected to an open network all packages have 4 trailing bytes which is not recognized correctly as a

Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-02 Thread Joerg Mayer
On Mon, Apr 02, 2007 at 03:56:59PM +0200, Stig Bj?rlykke wrote: > 1. When connected to an open network all packages have 4 trailing > bytes which is not recognized correctly as a "tagged parameter", and > the packet is tagged malformed. Is this some sort of ICV for > unprotected packages? S

Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-02 Thread Stig Bjørlykke
Den 2. apr. 2007 kl. 17.18 skrev Joerg Mayer: > On Mon, Apr 02, 2007 at 03:56:59PM +0200, Stig Bj?rlykke wrote: >> 2. When connected to a wep encrypted network the data package is >> marked as protected but the data part is not encrypted and the >> content is not dissected. Is this be because the

Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-02 Thread Joerg Mayer
On Mon, Apr 02, 2007 at 05:51:40PM +0200, Stig Bj?rlykke wrote: > > IIRC, that is configureable as well. Ignore the protection bit. > > This does not work as expected, because dissection of the "WEP > parameters" are omitted and the dissection of LLC starts too early. You are right. Maybe you c

Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-02 Thread Joerg Mayer
On Mon, Apr 02, 2007 at 03:56:59PM +0200, Stig Bj?rlykke wrote: > I am capturing on Mac OS 10.4.9 with the latest wireshark svn on the > wireless device wlt1. > 3. A question for the wlancap dissector: The SSI-type seems to have > wrong endian, and the SSI-signal has a negative value. Should

Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-02 Thread Guy Harris
Joerg Mayer wrote: > You are right. Maybe you can add yet another prefs flag that says > Ignore the protection bit with IV and change the existing one to > Ignore the protection bit without IV? Or make it a three-way option. ___ Wireshark-dev mailing li

Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-02 Thread Guy Harris
On Apr 2, 2007, at 6:56 AM, Stig Bjørlykke wrote: > 3. A question for the wlancap dissector: The SSI-type seems to have > wrong endian, What type of AirPort adapter do you have? I think at least some of them are using (yay!) radiotap headers rather than AVS headers, although some older ones

Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

2007-04-09 Thread Stig Bjørlykke
Den 3. apr. 2007 kl. 01.09 skrev Guy Harris: > What type of AirPort adapter do you have? I'm using a iMac 24" which identifies a Broadcom BCM43xx firmware. > I think at least some of them are using (yay!) radiotap headers rather > than AVS headers, although some older ones might've used AVS head