Revision history

How are wlan.bssid and wlan.staa obtained?

I'm digging around wlan analysis currently, and was not able to grasp how those two fields (wlan.bssid and wlan.staa) are obtained. For example, here are two images presenting only the packets available for analysis:

bssid:

https://i.imgur.com/Y1acfak.png

staa (IPs hidden):

https://i.imgur.com/H5SXS9o.png

How does Wireshark know that those packets originate from an AP or a station? I thought the only way was to see if it's a beacon/probe resp for an AP, and a probe request for a station. The whole idea is to differentiate between station and AP by the most available clues there are.

I've dug around the source code to try to understand how, but was not successful.

EDIT: I was able to find a picture that derives the bssid from the to ds/from ds fields. Maybe that's exactly the way? How STAA is obtained is still a question. imgur
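The To DS/From DS derivation mentioned in the EDIT follows the address layout defined by IEEE 802.11. The following is an added example, not part of the original post and not Wireshark's dissector code, that derives a BSSID, a station address and the transmitter's role from a bare 802.11 MAC header (no radiotap). The MAC addresses, the `hdr` and `derive` helpers and the `a2 == a3` management-frame heuristic are assumptions made for illustration, as is the idea that wlan.staa is filled the same way.

```python
import struct

AP = bytes.fromhex("02aabbccdd01")     # constructed AP / BSSID MAC
STA = bytes.fromhex("02aabbccdd02")    # constructed client MAC
PEER = bytes.fromhex("02aabbccdd03")   # constructed host behind the AP
BCAST = b"\xff" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def hdr(fc0, flags, a1, a2, a3):
    """Constructed 24-byte header: frame control, duration, A1-A3, seq control."""
    return bytes([fc0, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"

def derive(frame):
    """Return (bssid, station, transmitter_role) for one 802.11 MAC header."""
    fc = struct.unpack_from("<H", frame, 0)[0]    # frame control is little-endian
    ftype = (fc >> 2) & 0x3                        # 0=management, 1=control, 2=data
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if ftype == 1 or len(frame) < 24:
        return None, None, "unknown"               # control frames: shorter headers, not covered
    a1, a2, a3 = (mac(frame[o:o + 6]) for o in (4, 10, 16))
    if ftype == 0:
        # Management frames: Address 3 is the BSSID. Heuristic (assumption):
        # when the transmitter equals the BSSID, the sender is the AP.
        return a3, None, "ap" if a2 == a3 else "sta"
    if to_ds and from_ds:
        return None, None, "bridge"                # four-address frame, no single BSSID
    if to_ds:
        return a1, a2, "sta"                       # STA -> AP: A1=BSSID, A2=source station
    if from_ds:
        group = frame[4] & 0x01                    # group bit set: broadcast/multicast receiver
        return a2, (None if group else a1), "ap"   # AP -> STA: A2=BSSID, A1=receiving station
    return a3, None, "peer"                        # IBSS / direct link: A3=BSSID

if __name__ == "__main__":
    samples = {
        "data, To DS": hdr(0x08, 0x01, AP, STA, PEER),
        "data, From DS": hdr(0x08, 0x02, STA, AP, PEER),
        "data, From DS, broadcast": hdr(0x08, 0x02, BCAST, AP, PEER),
        "beacon": hdr(0x80, 0x00, BCAST, AP, AP),
        "probe request": hdr(0x40, 0x00, BCAST, STA, BCAST),
    }
    for name, frame in samples.items():
        print(f"{name:26} {derive(frame)}")
```
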
