Wireshark-users: Re: [Wireshark-users] Cannot dissect IEEE802.11 data frames

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 17 May 2016 10:26:33 -0700
On May 17, 2016, at 5:58 AM, Vasily Postnicov <shamaz.mazum@xxxxxxxxx> wrote:

> Hello! I am using wireshark 2.0.3 from FreeBSD ports for the first time. I am not good in computer networks and try to analyze traffic captured over unencrypted Wi-Fi network. Turns out that data frames dissection is wrong in my case: wireshark can't dissect further than LLC protocol. I attach pcap file produced by airodump-ng.

Can you capture with radiotap headers?  That capture was made without them, but the radiotap header might give Wireshark information it needs to treat either the 00 00 or the 40 00 before the LLC header in a way that allows it to find the LLC header properly.