Wireshark-dev: Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Mon, 2 Apr 2007 18:48:58 +0200

On Mon, Apr 02, 2007 at 03:56:59PM +0200, Stig Bj?rlykke wrote:
> I am capturing on Mac OS 10.4.9 with the latest wireshark svn on the  
> wireless device wlt1.

> 3. A question for the wlancap dissector: The SSI-type seems to have  
> wrong endian, and the SSI-signal has a negative value.  Should this  
> be handled by the dissector?

I think that the capture software that writes the AVS header is buggy.
To quote the AVS standard document:

> 3. Byte Order
> All multibyte fields of the capture header are in "network" byte
> order. The "host to network" and "network to host" functions should
> work just fine. All the remaining multibyte fields are ordered
> according to their respective standards.

"the remaining multibyte fields" are the ieee80211 payload.
So in this case it looks like whoever wrote the AVS header writing
stuff got some elements right but not others.

  ciao
     Joerg
--
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.