Wireshark mailing list archives
Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs
From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Fri, 20 Dec 2013 09:03:21 +0100
Hi Guy, Do you have a packet of Joerg ? Because in the screenshot, there is "Magic Value" may be the value is different.... (there is also a type field may be the other field is different if type have other value) Regards, On Fri, Dec 20, 2013 at 2:03 AM, Guy Harris <guy () alum mit edu> wrote:
On Dec 19, 2013, at 11:54 AM, Guy Harris <guy () alum mit edu> wrote:Now that you've provided an example of how Omnipeek dissects the samepacket, we now have more data, probably sufficient to allow us to correctly dissect the packet, and can improve the dissection of the "Peek remote" protocol. Unfortunately, it may not be sufficient. The packets Joerg had when he was reverse-engineering the protocol were shorter, with a 20-byte "Peek remote" header rather than the 55-byte header in the packet you have. Given that there's a "version" field in the header, and that Omnipeek reports "correct Header Size" for the value of 55, and the header version in the packet you have is 2, perhaps, for each version of the header, there's a fixed size, and the "header size" field is there so that, if some program that receives packets gets a header version it doesn't understand, it can skip past the header and get to the 802.11 packet. Do you happen to know whether that is the case? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco) (Dec 19)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Guy Harris (Dec 19)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Guy Harris (Dec 19)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Alexis La Goutte (Dec 20)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Guy Harris (Dec 20)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Guy Harris (Dec 19)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Guy Harris (Dec 19)
- <Possible follow-ups>
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco) (Dec 20)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Guy Harris (Dec 20)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Alexis La Goutte (Dec 20)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco) (Dec 21)
- Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco) (Dec 21)