On 08/23/2012 04:04 PM, Markus Amend wrote:
Hi,
currently I’m working on proto_80211_mac_hdr.c and have problems with
getting infos to the construction of several subheader formats. For
example the beacon frame:
$ netsniff-ng -i examples/pcap/802.11/Network_Join_Nokia_Mobile.pcap -n1
(currently only works with https://github.com/markusa/netsniff-ng)
The timestamp I get is 0x84211a6902000000 while in wireshark it is
0x00000002691a2184 and I don’t know why because of missing
documentation. Furthermore there are a lot of more fields in a beacon
frame where I don’t know how to evaluate them.
The answer is byte-order. This info is captured in network-byte order
(big-endian).
In your implementation, this timestamp is saved in a uint8t [8] so the
byte order stays as is.
Wireshark very likely saves it as a uint64_t and converts it to
little-endian (x86 natural endianness) before printing it to the user.
More info with "man be64toh"
Has anybody the 802.11 standard where are detailed informations about that?
I did not have time to look for the specs but there should be RFC's for that
Regards,
Emmanuel
Greetings
--
--
