Hi.
I have some questions about the ieee 802.11 dissector (and the
wlancap dissector).
I am capturing on Mac OS 10.4.9 with the latest wireshark svn on the
wireless device wlt1.
1. When connected to an open network all packages have 4 trailing
bytes which is not recognized correctly as a "tagged parameter", and
the packet is tagged malformed. Is this some sort of ICV for
unprotected packages? See the attached capture ieee80211-clear.pcap.
2. When connected to a wep encrypted network the data package is
marked as protected but the data part is not encrypted and the
content is not dissected. Is this be because the mac os driver has
decrypted the data before they are captured with wireshark? In this
case I think the data should be dissected. See the attached capture
ieee80211-wep.pcap, with a IPP package which is not dissected.
3. A question for the wlancap dissector: The SSI-type seems to have
wrong endian, and the SSI-signal has a negative value. Should this
be handled by the dissector?
I do not know anything about the 802.11 protocol (yet), but I am
willing to make a fix if I understand how to handle this :)
--
Stig Bjørlykke
Attachment:
ieee80211-clear.pcap
Description: Binary data
Attachment:
ieee80211-wep.pcap
Description: Binary data