Wireshark-dev: Re: [Wireshark-dev] Change of decoding for Airopeek/Omnipeek 802.11 header with

From: "Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco)" <emedward@xxxxxxxxx>
Date: Sat, 21 Dec 2013 15:55:21 +0000

Alexis,

Sure, I can open a bug soon.

 

Guy,

 

>> The legacy header does *not* appear to have a magic number, based on the capture file Joerg made available.

>> 

>> Do you have complete details on what it contains, so that we can finish the dissector for it?

 

Yes, the legacy header has NO magic number, whereas in the header with 802.11n support, the magic number would exist.

It is a fixed value of 00ffabcd.

 

>> 1) make a heuristic dissector for the new header, and have it check for the magic number, so that, for the new header, you *don't* have to use "Decode As...";

 

I think we can have it by the usual, i.e. by the existing Analyze → Decode As → PEEKREMOTE decoding.

This is because, perhaps, with the i/p hex-dump, we can first check for the ‘magic number’.

If magic number exists (being a fixed value of 00ffabcd, we can have it as a conditional check), we can go ahead to dissect per the 55-byte header format.

Else, if no magic number, then we can dissect for the 20-byte header.

 

The main objective of the changes, IMHO, is to classify the dissections (for both 20 & 55-byte headers) in an informative manner; and the ‘magic number’ can be used to select between the 20 OR 55-byte header dissection.

Can you please clarify the reason to not go by the typical ‘Decode As..’, from your latest reply?

 

 

Thanks and Regards,

Emburey
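
Added example, not part of the original message and not Wireshark's own code: a bounds-checked sketch of the selection described above, where the magic number 00ffabcd picks the 55-byte header and its absence picks the 20-byte legacy header. The function and enum names are hypothetical, and the position of the magic number (first four bytes, big-endian) is an assumption, since the message gives only its value.

```c
#include <stddef.h>
#include <stdint.h>

/* Values stated in the message above. */
#define PEEK_MAGIC        0x00FFABCDu
#define PEEK_NEW_HDR_LEN  55u
#define PEEK_LEGACY_LEN   20u

/* Hypothetical names, not taken from the Wireshark source. */
enum peek_kind { PEEK_TOO_SHORT, PEEK_LEGACY, PEEK_NEW, PEEK_NEW_TRUNCATED };

struct peek_result {
    enum peek_kind kind;
    size_t payload_off;   /* where the 802.11 frame would start; 0 if unusable */
};

/* Read a 32-bit big-endian value; caller guarantees 4 readable bytes. */
static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* ASSUMPTION: the magic number occupies the first four bytes of the
 * header; the message gives its value but not its offset. */
struct peek_result peek_classify(const uint8_t *buf, size_t len)
{
    struct peek_result r = { PEEK_TOO_SHORT, 0 };

    /* Never read the magic from a buffer that cannot hold it. */
    if (buf == NULL || len < 4)
        return r;

    if (rd_be32(buf) == PEEK_MAGIC) {
        /* Magic present but fewer than 55 bytes captured: report it as a
         * truncated new header instead of falling back to the legacy
         * layout, which would mis-dissect the remaining bytes. */
        if (len < PEEK_NEW_HDR_LEN) {
            r.kind = PEEK_NEW_TRUNCATED;
            return r;
        }
        r.kind = PEEK_NEW;
        r.payload_off = PEEK_NEW_HDR_LEN;
        return r;
    }

    /* No magic: legacy header, if all 20 bytes are there. */
    if (len < PEEK_LEGACY_LEN)
        return r;
    r.kind = PEEK_LEGACY;
    r.payload_off = PEEK_LEGACY_LEN;
    return r;
}
```

Because the legacy header has no magic number, a legacy packet whose first four bytes happen to equal 00ffabcd would be classified as the new format; this sketch cannot tell the two apart.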