Wireshark-dev: Re: [Wireshark-dev] Questions about IEEE 802.11 dissector
From: Joerg Mayer <[email protected]>
Date: Mon, 2 Apr 2007 17:18:17 +0200
On Mon, Apr 02, 2007 at 03:56:59PM +0200, Stig Bjørlykke wrote:
> 1. When connected to an open network all packages have 4 trailing  
> bytes which is not recognized correctly as a "tagged parameter", and  
> the packet is tagged malformed.  Is this some sort of ICV for  
> unprotected packages?  See the attached capture ieee80211-clear.pcap.

Go to the preferences, protocols, ieee80211 and select that the frame
is to be treated to include the FCS. That might help.

> 2. When connected to a wep encrypted network the data package is  
> marked as protected but the data part is not encrypted and the  
> content is not dissected.  Is this because the mac os driver has  
> decrypted the data before they are captured with wireshark?  In this  
> case I think the data should be dissected.  See the attached capture  
> ieee80211-wep.pcap, with an IPP package which is not dissected.

IIRC, that is configurable as well. Ignore the protection bit.

> 3. A question for the wlancap dissector: The SSI-type seems to have  
> wrong endian, and the SSI-signal has a negative value.  Should this  
> be handled by the dissector?
> I do not know anything about the 802.11 protocol (yet), but I am  
> willing to make a fix if I understand how to handle this :)

Need to check.

Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
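
The four trailing bytes from question 1, as an added example that is not part of the original thread or of Wireshark's code: it checks whether the last 4 bytes of a frame are the 802.11 FCS (CRC-32 of the preceding bytes, stored little-endian in the capture) and strips them before walking the tagged parameters. The beacon frame and all function names are constructed for illustration.

```python
import struct
import zlib

MGMT_HDR_LEN = 24      # 802.11 management header without HT control
BEACON_FIXED_LEN = 12  # timestamp (8) + beacon interval (2) + capabilities (2)

def split_fcs(frame: bytes):
    """Return (frame_without_fcs, True) if the last 4 bytes are the
    little-endian CRC-32 of everything before them, else (frame, False)."""
    if len(frame) > 4:
        body, tail = frame[:-4], frame[-4:]
        if struct.unpack("<I", tail)[0] == zlib.crc32(body) & 0xFFFFFFFF:
            return body, True
    return frame, False

def walk_tagged_params(buf: bytes):
    """Parse (tag, value) elements; return them plus any bytes left over."""
    elems, off = [], 0
    while off + 2 <= len(buf):
        tag, length = buf[off], buf[off + 1]
        if off + 2 + length > len(buf):
            break  # element overruns the frame: reported as malformed
        elems.append((tag, buf[off + 2:off + 2 + length]))
        off += 2 + length
    return elems, buf[off:]

def dissect_beacon(frame: bytes):
    """Strip a detected FCS, then parse the beacon's tagged parameters."""
    frame, fcs_present = split_fcs(frame)
    elems, leftover = walk_tagged_params(frame[MGMT_HDR_LEN + BEACON_FIXED_LEN:])
    return fcs_present, elems, leftover

def build_sample_beacon(with_fcs: bool) -> bytes:
    """Constructed beacon: SSID "test", DS parameter set channel 6."""
    hdr = bytes.fromhex("80000000") + b"\xff" * 6 \
        + bytes.fromhex("020000000001") * 2 + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0001)
    frame = hdr + fixed + b"\x00\x04test" + b"\x03\x01\x06"
    if with_fcs:
        frame += struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)
    return frame

if __name__ == "__main__":
    for with_fcs in (False, True):
        print(with_fcs, dissect_beacon(build_sample_beacon(with_fcs)))
```

A frame received with a damaged FCS will not match this check, so the result only says the trailing bytes are a valid FCS, not that none was captured.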