This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

IEEE 802.11 Vendor-specific Action

0

I want to make a dissector for a custom protocol that uses the IEEE 802.11 vendor-specific Action frame technology. I made a capture and it turns out the packets of this protocol are marked malformed. The packet contains a radiotap header, followed by a radio header, and then comes IEEE 802.11; the type is management frame and the subtype is action. The problem comes with the IEEE 802.11 wireless LAN management frame: the category code is Vendor Specific (127), followed by the OUI (Organizationally Unique Identifier). The remaining bytes (without the 4 bytes for the frame check sum) must be vendor-specific content, but for some reason Wireshark is looking for a tag number and tag length; these two fields are marked red. I am wondering if I can make a dissector that works between IEEE 802.11 Action and the IEEE 802.11 wireless LAN management frame. I will add the capture, and you can use this filter (wlan_mgt.fixed.category_code == 127 && wlan_mgt.tag.oui == 1637940).

capture - https://drive.google.com/file/d/0BzvRjmQgxbzUNWdMTWFSQkphQmM/view?usp=sharing

asked 29 Oct '16, 08:19


ivan1
accept rate: 0%


One Answer:

1

Looking at epan/dissectors/packet-ieee80211.c:add_ff_action_vendor_specific() there seems to be no code handling OUIs other than OUI_MARVELL and OUI_WFA, and there's no subdissector table to register to. So other than modifying this code and recompiling Wireshark I see no option for getting this in at the moment.

answered 29 Oct '16, 15:50


Jaap ♦
accept rate: 14%
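
The frame-body layout described in the question (category code 127, a 3-byte OUI, vendor content, then 4 trailing frame check bytes), as an added stand-alone example that is not part of the original posts and is not Wireshark code. The names `parse_vs_action` and `walk_as_tags` and the sample bytes are constructed for illustration; only the OUI value comes from the question's filter. The second function shows how reading the vendor content as tag number and tag length, as the question describes, can run past the end of the frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define CAT_VENDOR_SPECIFIC 127 /* category code from the question */
#define FCS_LEN 4               /* trailing frame check bytes */
struct vs_action {
    uint32_t oui;           /* 24-bit OUI */
    const uint8_t *content; /* vendor-specific content */
    size_t content_len;
};

/* body = bytes after the 802.11 management MAC header.
 * Returns 0 on success, -1 if too short, -2 if the category is not 127. */
int parse_vs_action(const uint8_t *body, size_t len, int has_fcs, struct vs_action *out)
{
    size_t fixed = 1 + 3 + (has_fcs ? FCS_LEN : 0);
    if (body == NULL || out == NULL || len < fixed) return -1;
    if (body[0] != CAT_VENDOR_SPECIFIC) return -2;
    out->oui = ((uint32_t)body[1] << 16) | ((uint32_t)body[2] << 8) | body[3];
    out->content = body + 4;
    out->content_len = len - fixed;
    return 0;
}

/* Read the same bytes as tagged parameters (tag number, tag length, value).
 * Returns the element count, or -1 when a tag length runs past the end. */
int walk_as_tags(const uint8_t *p, size_t len)
{
    int n = 0;
    for (; len > 0; n++) {
        if (len < 2 || (size_t)p[1] > len - 2) return -1;
        len -= 2 + (size_t)p[1];
        p += 2 + p[1];
    }
    return n;
}

/* Constructed sample body: category, OUI 0x18FE34 (= 1637940), content, FCS */
static const uint8_t sample_body[] = { 0x7f, 0x18, 0xfe, 0x34, 0x01, 0xc8, 0xaa,
    0xbb, 0xcc, 0xdd, 0xde, 0xad, 0xbe, 0xef };

int main(void)
{
    struct vs_action a;
    if (parse_vs_action(sample_body, sizeof sample_body, 1, &a) == 0)
        printf("OUI %06x, content %zu bytes, tag walk %d\n", (unsigned)a.oui,
               a.content_len, walk_as_tags(a.content, a.content_len));
    return 0;
}
```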