Using hexviewer to look at the pcap file, how do you know the start of frame?

Here's a description of the pcap file format, and here's a description of the pcap-ng file format; those are the two standard Wireshark file formats. Older versions defaulted to pcap; newer versions default to pcap-ng.

In pcap files, packets are in the records that appear after the file header, and the lowest-level contents of the packet are described by the link-layer header type value in the file header.

In pcap-ng files, packets are in Packet Blocks, Enhanced Packet Blocks, or Simple Packet Blocks; Wireshark uses Enhanced Packet Blocks. Each packet has an interface ID value, which refers to one of the interfaces described by Interface Description Blocks in the file. The lowest-level contents of the packet are described by the link-layer header type value in the Interface Description Block for the interface on which the packet arrived.

Here is a description of the link-layer header type values. If you have 802.11 traffic, the link-layer header type will be one of:

• LINKTYPE_IEEE802_11 (105), in which the packet data looks like Figure 8-1 of IEEE Std 802.11-2012, i.e. the packet data begins with the Frame Control field, followed by the Duration/ID field, followed by the Address 1 field, etc.;
• LINKTYPE_IEEE802_11_PRISM (119), in which the packet data begins with a Prism header giving some metadata for the packet, followed by packet data that looks like Figure 8-1 of IEEE Std 802.11-2012;
• LINKTYPE_IEEE802_11_RADIOTAP (127), in which the packet data begins with a radiotap header giving some metadata for the packet, followed by packet data that looks like Figure 8-1 of IEEE Std 802.11-2012;
• LINKTYPE_IEEE802_11_AVS (163), in which the packet begins with an AVS header giving some metadata for the packet, followed by packet data that looks like Figure 8-1 of IEEE Std 802.11-2012;
• LINKTYPE_PPI, in which the packet begins with a fairly complicated header giving metadata for the packet, in addition to a link-layer header type value, followed by packet data of the type given by the link-layer header type value in the PPI header (for example, LINKTYPE_IEEE802_11, in which case the packet data would look like Figure 8-1 of IEEE Std 802.11-2012).

In none of those formats will you see any PHY-layer information such as the SFD.

So the frame format is the same as the 802.11 frame format as described in section 8 "Frame formats" of IEEE Std 802.11-2012; it is not the same as the format as described in:

• section 14 "Frequency-Hopping spread spectrum (FHSS) PHY specification for the 2.4 GHz industrial, scientific, and medical (ISM) band";
• section 16 "DSSS PHY specification for the 2.4 GHz band designated for ISM applications";
• section 17 "High Rate direct sequence spread spectrum (HR/DSSS) PHY specification" (i.e., 802.11b);
• section 18 "Orthogonal frequency division multiplexing (OFDM) PHY specification" (i.e., 802.11a);
• section 19 "Extended Rate PHY (ERP) specification" (i.e., 802.11g);
• section 20 "High Throughput (HT) PHY specification" (i.e., 802.11n);
• the drafts for IEEE 802.11ac;

because it does not contain the PHY-layer information given there.

So you can't find the start frame delimiter because it isn't there, just as the Ethernet start frame delimiter isn't in LINKTYPE_ETHERNET (1) captures.