Revision history [back]
decoding SLL 802.11 in wireshark can not work
I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header. For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 4 (Ethernet-II) in ProtocolType. It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.
I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.
Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.
Tested in WireShark 2.2.17 and 2.6.3.
Did I missed something obvious?
decoding SLL 802.11 in wireshark can not work
I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header. For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 4 (Ethernet-II) in ProtocolType. It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.
I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.
Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.
Tested in WireShark 2.2.17 and 2.6.3.
Did I missed something obvious?
decoding SLL 802.11 in wireshark can not work
I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header.
For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 4 1 (Ethernet-II) in ProtocolType.
It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.
I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.
Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.
Tested in WireShark 2.2.17 and 2.6.3.
Did I missed something obvious?
decoding SLL 802.11 in wireshark can not work
I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header. For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 1 (Ethernet-II) in ProtocolType. It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.
I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.
Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.
Tested in WireShark 2.2.17 and 2.6.3.
Did I missed something obvious?