In a Lua script, I'm looking for the length of the "wlan" header in each packet, and I can't find any "wlan.length" value (the value "28 bytes" in the attached screenshot). I have frame.len, radiotap.length, data.len if packets are encrypted, and I can do some maths with that. But, for example, if packets are not encrypted data packets with several data headers, I can't do my maths to retrieve the length of the wlan header. How does Wireshark retrieve that "28 bytes" value?

asked 15 Feb '16, 08:12 TomLaBaude

2 Answers:
The header size is not directly available as a field of the wireless frame but comes out from the frame type

answered 15 Feb '16, 10:23 sindy (edited 16 Feb '16, 01:12)

If you can get

answered 16 Feb '16, 01:25 Guy Harris ♦♦

Interesting, I tried to retrieve the length of the tvb, but was not aware of FieldInfo. Gonna try right now. (16 Feb '16, 01:36) TomLaBaude

Something is wrong in the FieldInfo length of the wlan field; it seems like the Frame Check Sequence (located at the end of the packet) interferes.

Ex. for a QoS Data packet:
wlan (38 bytes) - shown on the GUI
-> 34 bytes for the wlan header
-> 4 bytes for the FCS (end of packet)

Lua:
local wlan_f = Field.new("wlan")
...
function ....
print(wlan_f().len) -> 26

26 doesn't represent anything...

There's a "jump" in the GUI looking for the FCS at the end, but in the case of a QoS Data packet, there are other fields after the FCS (QoS Control & CCMP parameters).
It seems that Lua doesn't fully count QoS Control (2 bytes) & CCMP parameters (8 bytes).
26 + 2 + 8 = 36 ... There are 2 bytes somewhere ... Bug? (16 Feb '16, 02:02) TomLaBaude

Thanks Sindy (in the end, "reading the specs" always wins ...)
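
The frame-type rule from sindy's answer, written out as an added example in plain Lua (not code from this thread or from Wireshark). The function name and the sample Frame Control bytes are constructed for illustration, and control subtypes of variable size return nil. For a three-address QoS Data frame it returns 26, which together with the 8-byte CCMP parameters mentioned in the comments gives 34.

```lua
-- Added example: 802.11 MAC header length derived from the Frame Control field.
-- fc0, fc1 are the two Frame Control octets in the order they appear in the frame.
-- The FCS and any security header (e.g. the 8-byte CCMP parameters) are not counted.
local CONTROL_LEN = {          -- fixed-size control frames, keyed by subtype
  [10] = 16,  -- PS-Poll
  [11] = 16,  -- RTS
  [12] = 10,  -- CTS
  [13] = 10,  -- ACK
  [14] = 16,  -- CF-End
  [15] = 16,  -- CF-End + CF-Ack
}

-- Test one bit without relying on a bit library (works on Lua 5.1 to 5.4).
local function bit_set(byte, mask)
  return math.floor(byte / mask) % 2 == 1
end

local function mac_header_len(fc0, fc1)
  local ftype   = math.floor(fc0 / 4) % 4      -- bits 2-3 of the first octet
  local subtype = math.floor(fc0 / 16) % 16    -- bits 4-7 of the first octet
  local to_ds, from_ds = bit_set(fc1, 0x01), bit_set(fc1, 0x02)
  local order = bit_set(fc1, 0x80)             -- Order / +HTC flag
  if ftype == 0 then                           -- management
    return 24 + (order and 4 or 0)             -- HT Control when +HTC is set
  elseif ftype == 1 then                       -- control
    return CONTROL_LEN[subtype]                -- nil for variable-size subtypes
  elseif ftype == 2 then                       -- data
    local len = 24                             -- FC, Duration, 3 addresses, Seq Ctl
    if to_ds and from_ds then len = len + 6 end   -- Address 4
    if subtype >= 8 then                          -- QoS subtypes
      len = len + 2                               -- QoS Control
      if order then len = len + 4 end             -- HT Control
    end
    return len
  end
  return nil                                   -- type 3 is not handled here
end

-- Constructed sample Frame Control values (not taken from a capture).
local samples = {
  { "Data, To DS",                0x08, 0x01 },
  { "QoS Data, To DS, Protected", 0x88, 0x41 },
  { "QoS Data, 4-address",        0x88, 0x03 },
  { "Beacon",                     0x80, 0x00 },
  { "ACK",                        0xD4, 0x00 },
}
for _, s in ipairs(samples) do
  print(string.format("%-28s %s", s[1], tostring(mac_header_len(s[2], s[3]))))
end
```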