> -----Ursprüngliche Nachricht----- > Von: [email protected] [mailto:netsniff- > [email protected]] Im Auftrag von Daniel Borkmann > Gesendet: Donnerstag, 23. August 2012 16:50 > An: [email protected] > Betreff: Re: [netsniff-ng] 802.11 mac hdr > > On Thu, Aug 23, 2012 at 4:20 PM, Emmanuel Roullit <emmanuel@netsniff- > ng.org> wrote: > > On 08/23/2012 04:04 PM, Markus Amend wrote: > >> > >> Hi, > >> > >> currently I’m working on proto_80211_mac_hdr.c and have problems with > >> getting infos to the construction of several subheader formats. For > >> example the beacon frame: > >> > >> $ netsniff-ng -i examples/pcap/802.11/Network_Join_Nokia_Mobile.pcap > >> -n1 (currently only works with > >> https://github.com/markusa/netsniff-ng) > >> > >> The timestamp I get is 0x84211a6902000000 while in wireshark it is > >> 0x00000002691a2184 and I don’t know why because of missing > >> documentation. Furthermore there are a lot of more fields in a beacon > >> frame where I don’t know how to evaluate them. > > > > > > The answer is byte-order. This info is captured in network-byte order > > (big-endian). > > In your implementation, this timestamp is saved in a uint8t [8] so the > > byte order stays as is. > > Wireshark very likely saves it as a uint64_t and converts it to > > little-endian (x86 natural endianness) before printing it to the user. > > > > More info with "man be64toh" > > There are also helper functions in > https://github.com/gnumaniacs/netsniff-ng/blob/master/src/built_in.h . > See cpu_to_* resp. *_to_cpu.
I know, but at the moment I haven't used because I thought wlan frame is little endian. Later on I will use le_to_cpu. > > >> Has anybody the 802.11 standard where are detailed informations about > >> that? > >> > > > > I did not have time to look for the specs but there should be RFC's > > for that > > > > Regards, > > > > Emmanuel > > > >> Greetings > >> > >> -- > >> > >> > > > > -- > > > > > > -- > --
