On Thu, Aug 23, 2012 at 4:20 PM, Emmanuel Roullit <[email protected]> wrote: > On 08/23/2012 04:04 PM, Markus Amend wrote: >> >> Hi, >> >> currently I’m working on proto_80211_mac_hdr.c and have problems with >> getting infos to the construction of several subheader formats. For >> example the beacon frame: >> >> $ netsniff-ng -i examples/pcap/802.11/Network_Join_Nokia_Mobile.pcap -n1 >> (currently only works with https://github.com/markusa/netsniff-ng) >> >> The timestamp I get is 0x84211a6902000000 while in wireshark it is >> 0x00000002691a2184 and I don’t know why because of missing >> documentation. Furthermore there are a lot of more fields in a beacon >> frame where I don’t know how to evaluate them. > > > The answer is byte-order. This info is captured in network-byte order > (big-endian). > In your implementation, this timestamp is saved in a uint8t [8] so the byte > order stays as is. > Wireshark very likely saves it as a uint64_t and converts it to > little-endian (x86 natural endianness) before printing it to the user. > > More info with "man be64toh"
There are also helper functions in https://github.com/gnumaniacs/netsniff-ng/blob/master/src/built_in.h . See cpu_to_* resp. *_to_cpu. >> Has anybody the 802.11 standard where are detailed informations about >> that? >> > > I did not have time to look for the specs but there should be RFC's for that > > Regards, > > Emmanuel > >> Greetings >> >> -- >> >> > > -- > > --
