Hi Guy,

Do you have a packet from Joerg? Because in the screenshot there is a "Magic Value"; maybe the value is different... (there is also a type field; maybe the other field is different if the type has another value)

Regards,

On Fri, Dec 20, 2013 at 2:03 AM, Guy Harris <[email protected]> wrote:

>
> On Dec 19, 2013, at 11:54 AM, Guy Harris <[email protected]> wrote:
>
> > Now that you've provided an example of how Omnipeek dissects the same packet, we now have more data, probably sufficient to allow us to correctly dissect the packet, and can improve the dissection of the "Peek remote" protocol.
>
> Unfortunately, it may not be sufficient.
>
> The packets Joerg had when he was reverse-engineering the protocol were shorter, with a 20-byte "Peek remote" header rather than the 55-byte header in the packet you have.
>
> Given that there's a "version" field in the header, and that Omnipeek reports "correct Header Size" for the value of 55, and the header version in the packet you have is 2, perhaps, for each version of the header, there's a fixed size, and the "header size" field is there so that, if some program that receives packets gets a header version it doesn't understand, it can skip past the header and get to the 802.11 packet.
>
> Do you happen to know whether that is the case?
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
