This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do you use AirPcap to capture A-MSDU packets?

0

Hello everyone! I want to capture A-MSDU. I use AirPcap, but I don't know how A-MSDU will appear. I read some documents that show A-MSDU in UDP packets. So how do I have to create it so that I have A-MSDU quickly and exactly? Thanks, everyone, for your help!!!

asked 04 Jan '11, 01:22

haquyen
1667
accept rate: 0%


One Answer:

1

Hi haquyen, here is a sample decode of a packet captured with an AirPcap Nx adapter. Scroll halfway down for the 'IEEE 802.11 Aggregate MSDU' section.

Martin Lewald

Frame 8: 171 bytes on wire (1368 bits), 171 bytes captured (1368 bits)
**PPI version 0, 48 bytes**
Version: 0
Flags: 0x00
Header length: 48
DLT: 105
802.11-Common
802.11n MAC
**IEEE 802.11 QoS Data, Flags: .......TC**
Type/Subtype: QoS Data (0x28)
Frame Control: 0x0188 (Normal)
Duration: 44
BSS Id: Buffalo_6f:03:c7 (00:16:01:6f:03:c7)
Source address: Buffalo_73:02:51 (00:16:01:73:02:51)
Destination address: Buffalo_6f:03:c7 (00:16:01:6f:03:c7)
Fragment number: 0
Sequence number: 812
Frame check sequence: 0x2c0a88fb [correct]
    [Good: True]
    [Bad: False]
QoS Control
**IEEE 802.11 Aggregate MSDU**
A-MSDU Subframe #1
    Destination address: 3com_27:f9:b2 (00:01:02:27:f9:b2)
    Source address: Buffalo_73:02:51 (00:16:01:73:02:51)
    MSDU length: 0x004F
    Logical-Link Control
        DSAP: SNAP (0xaa)
        IG Bit: Individual
        SSAP: SNAP (0xaa)
        CR Bit: Command
        Control field: U, func=UI (0x03)
        Organization Code: Encapsulated Ethernet (0x000000)
        Type: IP (0x0800)
    Internet Protocol, Src: 192.168.1.131 (192.168.1.131), Dst: 208.120.229.215 (208.120.229.215)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        Total Length: 71
        Identification: 0x86cd (34509)
        Flags: 0x02 (Don't Fragment)
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (6)
        Header checksum: 0xfb67 [correct]
        Source: 192.168.1.131 (192.168.1.131)
        Destination: 208.120.229.215 (208.120.229.215)
    Transmission Control Protocol, Src Port: iec-104 (2404), Dst Port: 28249 (28249), Seq: 1, Ack: 1, Len: 19
        Source port: iec-104 (2404)
        Destination port: 28249 (28249)
        [Stream index: 0]
        Sequence number: 1    (relative sequence number)
        [Next sequence number: 20    (relative sequence number)]
        Acknowledgement number: 1    (relative ack number)
        Header length: 32 bytes
        Flags: 0x18 (PSH, ACK)
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgement: Set
            .... .... 1... = Push: Set
            .... .... .0.. = Reset: Not set
            .... .... ..0. = Syn: Not set
            .... .... ...0 = Fin: Not set
        Window size: 32732
        Checksum: 0xc1fb [validation disabled]
            [Good Checksum: False]
            [Bad Checksum: False]
        Options: (12 bytes)
            NOP
            NOP
            Timestamps: TSval 1266352, TSecr 410613
        [SEQ/ACK analysis]
            [Number of bytes in flight: 19]
        [PDU Size: 19]
    IEC 60870-5-104-Apci: <ERR 19 bytes>

answered 05 Jan '11, 10:17

Martin Lewald
162
accept rate: 0%

edited 05 Jan '11, 10:18
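
The subframe layout visible in the decode above (destination address, source address, 2-byte MSDU length, then LLC/SNAP and the payload) can be walked by hand, as in this added example, which is not part of the original answer or of Wireshark. It assumes the input is the body of a QoS Data frame after the 802.11 header; the function names are hypothetical and the sample bytes are constructed, reusing only the addresses and the 0x004F length from the decode.

```python
import struct

LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"  # DSAP, SSAP, UI control, OUI 00:00:00
HDR = struct.Struct("!6s6sH")           # DA, SA, MSDU length (big-endian)

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_amsdu(body):
    """Split the body of a QoS Data frame carrying an A-MSDU into subframes."""
    subframes, off = [], 0
    while off < len(body):
        if len(body) - off < HDR.size:
            raise ValueError(f"truncated subframe header at offset {off}")
        da, sa, length = HDR.unpack_from(body, off)
        end = off + HDR.size + length
        if end > len(body):
            raise ValueError(f"MSDU length {length} at offset {off} overruns body")
        msdu = body[off + HDR.size:end]
        ethertype = None
        if len(msdu) >= 8 and msdu[:6] == LLC_SNAP:
            ethertype = struct.unpack_from("!H", msdu, 6)[0]
        subframes.append({"offset": off, "da": mac(da), "sa": mac(sa),
                          "length": length, "ethertype": ethertype})
        # Every subframe except the last is padded to a 4-byte boundary.
        off = end + (-(HDR.size + length)) % 4
    return subframes

def build_subframe(da, sa, msdu, last=False):
    """Helper that builds constructed test input (not captured traffic)."""
    sub = HDR.pack(da, sa, len(msdu)) + msdu
    return sub if last else sub + b"\x00" * (-len(sub) % 4)

# Constructed sample: subframe 1 mirrors the decode's addresses and length
# (8 bytes LLC/SNAP + 71 bytes = 0x004F); subframe 2 is made up to show padding.
DA = bytes.fromhex("00010227f9b2")
SA = bytes.fromhex("001601730251")
SAMPLE = (build_subframe(DA, SA, LLC_SNAP + b"\x08\x00" + bytes(71))
          + build_subframe(DA, SA, LLC_SNAP + b"\x08\x06" + bytes(28), last=True))

if __name__ == "__main__":
    for sub in parse_amsdu(SAMPLE):
        print(sub)
```

The MSDU length of 0x004F in the decode is the 8-byte LLC/SNAP header plus the IP Total Length of 71, which is the relationship the parser relies on when it steps from one subframe to the next.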