> Oh, and one more thing: > > Some network adapters, when running in a mode where they supply an 802.11 > header (such as monitor mode), put some padding in between the 802.11 > header and the payload, so the 802.2 LLC header in a data frame might not > immediately follow the 802.11 header (regardless of whether the payload is > encrypted or not). The radiotap header includes a flag for that - it's the > 0x20 flag bit in the Flags field: > > http://www.radiotap.org/defined-fields/Flags > > I have two questions. I believe, the data packets destined for my AP, will be decrypted by the hardware itself In any case, when I get them in userland, they should be unencrypted. right ? If I look at tpdump code, for each data frame, I need to check FC_WEP(fc), if only its false, I should check further. then get the header length. int hdrlen = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24; if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) hdrlen += 2
And then, if then jump this length to check for ether type, using the llc frame . I hope I am not missing any detail. As on doing the above .. i get very low frequency of arp,udp packets, but I never get tcp packets output on my screen , even though I am browsing. Any comments ? Abhinav
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
