I am currently using AirPcap Nx and Wireshark, and I want to be sure that I am not missing any individual 802.11 frames. In particular, if I see a packet that Wireshark labels LLC, TCP, RTMP, HTTP, etc., is this still a single 802.11 packet communicated over the air interface OR is such a packet an aggregation of multiple 802.11 packets or fragments. asked 13 Dec '11, 17:46  S_P |
One Answer:
You're in luck. Wireshark, as a network sniffer, is interested in collecting individual frames, so you have them. But Wireshark also tries to make a higer layer presentation of the protocol riding on top of these frames. Sometimes this requires reassembly of fragmented messages. But you can always drill down to the individual frames. answered 13 Dec '11, 23:43  Jaap ♦ |
