Hi, I am analyzing a 802.11n network with various tools using AirPcap Nx cards. In all cases i am seeing 4 extra bytes between LLC-Snap and IEEE-802.11 headers. Most of the tools are failing to recognize traffic properly. wireshark and com-view recognize these 4 extra bytes as LLC header but you can see the Snap header in raw view. Is there any proper header that can be expected in that place. I was not able to find any thing in the web. The network is running fine. asked 02 Mar '12, 14:09  aseemdomaini |
One Answer:
Wireshark might be incorrectly parsing the 802.11 header - it might not be properly recognizing the 802.11n HT Control field, which is 4 bytes long, at the end of the header. Could you file a bug at the Wireshark Bugzilla on this, and, if possible, attach one of the captures where you're seeing the problem, so that we can see if that's the problem and, if so, test a fix and, if not, see what else the problem might be? answered 02 Mar '12, 16:32  Guy Harris ♦♦ |
