Wireshark mailing list archives

Re: Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs


From: "Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco)" <emedward () cisco com>
Date: Sat, 21 Dec 2013 15:55:21 +0000

Alexis,
Sure, I can open a bug soon.

Guy,

The legacy header does *not* appear to have a magic number, based on the capture file Joerg made available.

Do you have complete details on what it contains, so that we can finish the dissector for it?

Yes, the legacy header has NO magic number, whereas with the 802.11n support header, the magic number would exist.
It is a fixed value of 00ffabcd.


1) make a heuristic dissector for the new header, and have it check for the magic number, so that, for the new header, you *don't* have to use "Decode As...";

I think, we can have it by the usual, i.e. by the existing Analyze-->Decode As-->PEEKREMOTE decoding.
This is because, perhaps, with the i/p hex-dump, we can first check for the 'magic number'.
If magic number exists (being a fixed value of 00ffabcd, we can have it as a conditional check), we can go ahead to dissect per the 55-byte header format.
Else, if no magic number, then we can dissect for the 20-byte header.

The main objective of the changes, IMHO, is to classify the dissections (for both 20 & 55-byte headers) in an informative manner; and the 'magic number' can be used to select between the 20 OR 55-byte header dissection.
Can you please clarify the reason to not go by the typical 'Decode As..' from your latest reply?


Thanks and Regards,
Emburey

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
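
The magic-number selection discussed in the message above, as an added example that is not part of the original post and is not Wireshark's dissector code. It assumes the magic sits in the first four bytes of the header in network byte order (the message does not state the offset or byte order); all function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PEEK_MAGIC       0x00ffabcdu /* fixed value quoted in the message */
#define PEEK_NEW_HDR_LEN 55u         /* header with 802.11n support */
#define PEEK_OLD_HDR_LEN 20u         /* legacy header, no magic number */

enum peek_kind { PEEK_TRUNCATED = 0, PEEK_LEGACY, PEEK_NEW };

/* Read a 32-bit big-endian value byte by byte (no alignment assumptions). */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Pick the header layout for a captured payload and report its length.
 * Assumption: the magic is at offset 0, big-endian. Every length is checked
 * before any byte is read, so a short or malformed packet is rejected
 * instead of being parsed past the end of the buffer.
 */
enum peek_kind peek_classify(const uint8_t *buf, size_t len, size_t *hdr_len)
{
    *hdr_len = 0;
    if (buf == NULL || len < PEEK_OLD_HDR_LEN)
        return PEEK_TRUNCATED;            /* too short for either layout */
    if (be32(buf) == PEEK_MAGIC) {
        if (len < PEEK_NEW_HDR_LEN)
            return PEEK_TRUNCATED;        /* magic present, header cut short */
        *hdr_len = PEEK_NEW_HDR_LEN;
        return PEEK_NEW;
    }
    *hdr_len = PEEK_OLD_HDR_LEN;          /* no magic: fall back to legacy */
    return PEEK_LEGACY;
}

int main(void)
{
    /* Constructed sample: magic followed by zero padding, not a real capture. */
    uint8_t sample[60] = { 0x00, 0xff, 0xab, 0xcd };
    size_t n;
    enum peek_kind k = peek_classify(sample, sizeof sample, &n);
    printf("kind=%d header_len=%zu\n", (int)k, n);
    return 0;
}
```

A legacy header whose leading bytes happen to equal the magic value would be classified as the new layout, so the fallback is only as reliable as the magic is distinctive.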
