Wireshark-dev: Re: [Wireshark-dev] Does it make any sense to supply Radiotap + 802.11 headers f

From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Tue, 19 Apr 2016 22:09:25 +0800
Someone told me that:
  • could you please automatically provide Ethernet pseudo-headers rather than Radiotap etc. when the WLAN NIC is switched to "managed" (STA) mode? The point is that Wireshark doesn't dissect frames whose 802.11 header indicates some Data subtypes (probably encrypted ones) although the actual payload has been decrypted by the NIC. So you can see the plaintext contents in the hex dump but the dissection says just "Data".

So it seems that Wireshark doesn't quite support option 3)?

On Tue, Apr 19, 2016 at 10:07 PM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:
Hi list,

There is an opinion that a packet capture library should provide:
1) fake Ethernet packets in managed mode
2) 802.11 packets in monitor mode.

And Npcap can currently supply Radiotap + 802.11 headers for packets captured on a wireless adapter in managed mode. Whether 802.11 is supplied or not is controlled by installing the normal version or the -wifi version of Npcap. It's not linked to the current operation mode for now.

So Npcap can provide the third option:
3) 802.11 packets in managed mode (only 802.11 data packets)

I want to know whether option 3) makes any sense to anyone. How does Linux handle this? I want to keep the same behavior as Linux.

If 3) is useless, then I will remove it.


Cheers,
Yang