Wireshark-dev: Re: [Wireshark-dev] Questions about IEEE 802.11 dissector

From: Stig Bjørlykke <stig.bjorlykke@xxxxxxxxx>
Date: Mon, 2 Apr 2007 17:51:40 +0200
Den 2. apr. 2007 kl. 17.18 skrev Joerg Mayer:
On Mon, Apr 02, 2007 at 03:56:59PM +0200, Stig Bj?rlykke wrote:
2. When connected to a wep encrypted network the data package is
marked as protected but the data part is not encrypted and the
content is not dissected.  Is this be because the mac os driver has
decrypted the data before they are captured with wireshark?  In this
case I think the data should be dissected.  See the attached capture
ieee80211-wep.pcap, with a IPP package which is not dissected.

IIRC, that is configureable as well. Ignore the protection bit.

This does not work as expected, because dissection of the "WEP parameters" are omitted and the dissection of LLC starts too early.


--
Stig Bjørlykke