The ieee 802.11 headers can vary in length depending on the packets types, qos, etc.
The ieee standard is available for free, that should be your best reference.
--
Sent from mobile, brevity, accuracy and security disclaimers.
abhinav narain <abhinavnarain10@xxxxxxxxx> wrote:
hi,
I have seen tcpdump,wireshark both just print packet contents till mac
header in monitor mode.
In case of normal wireless interfaces (wlan0), they follow a different
execution path.
Can someone tell me what should I expect in the the frame after
ieee80211_hdr (which comes after the radiotap header) ?
According to my knowledge, I assume if the control frame bit with
Is it an llc header with a general format :
struct llc_hdr {
uint8 dsap;
uint8 ssap;
struct {
uint8 ui;
uint8 org_code[3];
uint16 ether_type;
} snap;
};
so that i can jump it and get the ip header ?
If some one can correct me ? would be great
Abhinav
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
