Wireshark mailing list archives

Cannot dissect IEEE802.11 data frames


From: Vasily Postnicov <shamaz.mazum () gmail com>
Date: Tue, 17 May 2016 15:58:36 +0300

Hello! I am using Wireshark 2.0.3 from FreeBSD ports for the first time. I
am not good at computer networks and am trying to analyze traffic captured over
an unencrypted Wi-Fi network. It turns out that data frame dissection is wrong
in my case: Wireshark can't dissect further than the LLC protocol. I attach the
pcap file produced by airodump-ng.

Here is the beginning of the sixth frame in hex:
 88 01 30 00 0E 27 22 E9 54 84 1C B7 2C 4E 24 DF D4 CA 6D D6 F5 4D 40 29 00
00 40 00 AA AA 03 00 00 00 08 00 45 00 00 39 B5 B1 40 00 40 11 BF 76 C0 A8
22 3A C0 A8 22 01
Wireshark says that the LLC header begins with the sequence 40 00 aa aa, so

DSAP is Unknown (0x40)
SSAP is NULL LSAP (0x00)
Control field is I, N(R)=85, N(S)=85 (0xAAAA)

From what I read on Wikipedia, this seems to be wrong. It seems DSAP is
actually 0xAA here, SSAP is also 0xAA, and the control field is one octet, 0x03,
which means the SNAP extension is used. The next 3 octets (0x000000) are an unused
OUI, and the following 2 octets 0x0800 are the protocol ID for IPv4. The next
octet 0x45 is the beginning of the IP packet header.

According to ifconfig, the access point of that network supported high
throughput and Atheros protocol extensions (it had HTCAP and ATH in the
ifconfig wlan0 list scan output), whatever that means.

So what am I doing wrong? Or is this a bug?

With best regards, Vasily

Attachment: shark.pcap

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
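Editorial note with an added worked example (this is not part of the message above and not Wireshark's code). The quoted frame starts with Frame Control 88 01: type Data, subtype QoS Data, ToDS set. That header is 26 bytes (24 plus the 2-byte QoS Control field), so a dissector that starts LLC right after it reads 40 00 AA AA, exactly the DSAP 0x40 / SSAP 0x00 / control 0xAAAA shown in the post. The AA AA 03 00 00 00 08 00 SNAP header the poster identified begins two bytes later, at offset 28. A two-byte gap between a 26-byte MAC header and the payload is what 32-bit alignment padding of the header would leave; some capture hardware inserts it and radiotap carries a Data Pad flag for it, but whether that is what happened in this capture is an assumption here, not something the page confirms. The parser below, written for this page, decodes the quoted bytes (embedded as constructed input), looks for the LLC/SNAP header both directly after the MAC header and at the next 32-bit boundary, continues into the IPv4 header, and validates the IPv4 header checksum, which only passes if the payload offset was right. It also reproduces the unpadded LLC read for comparison.

```python
"""Walk the quoted 802.11 QoS data frame down to its IPv4 header, and show
why an LLC parse that starts right after the MAC header lands on wrong bytes.
Added example for this page; constructed input, not Wireshark code."""
import struct

# Constructed input: the 56 bytes the post quotes as the start of frame 6.
FRAME6 = bytes.fromhex(
    "88 01 30 00 0E 27 22 E9 54 84 1C B7 2C 4E 24 DF D4 CA 6D D6 F5 4D 40 29 00 "
    "00 40 00 AA AA 03 00 00 00 08 00 45 00 00 39 B5 B1 40 00 40 11 BF 76 C0 A8 "
    "22 3A C0 A8 22 01"
)

SNAP_LLC = b"\xaa\xaa\x03"  # DSAP=SSAP=0xAA (SNAP), control=0x03 (UI)


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def dot11_header_len(frame):
    """MAC header length from Frame Control: 24 bytes, plus 6 for Address 4
    when ToDS and FromDS are both set, plus 2 for QoS Control on QoS
    subtypes, plus 4 for HT Control when the Order flag is set on a QoS frame."""
    fc, flags = frame[0], frame[1]
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("only data frames are handled here")
    length = 24
    if flags & 0x01 and flags & 0x02:
        length += 6
    if (fc >> 4) & 0x08:
        length += 2
        if flags & 0x80:
            length += 4
    return length


def locate_llc(frame):
    """Return (offset, padding) of the LLC/SNAP header: first try straight
    after the MAC header, then the next 32-bit boundary. The aligned position
    is where header-padding hardware puts the payload (assumption for this
    capture); radiotap signals that case with its Data Pad flag."""
    hdr = dot11_header_len(frame)
    for pad in sorted({0, (-hdr) % 4}):
        off = hdr + pad
        if frame[off:off + 3] == SNAP_LLC:
            return off, pad
    raise ValueError("no LLC/SNAP header at offset %d or 32-bit aligned" % hdr)


def llc_without_padding(frame):
    """Read the two bytes after the MAC header as DSAP/SSAP and the next two
    as a 16-bit control field, as the post's Wireshark output does.
    Returns (dsap, ssap, format, N(R), N(S))."""
    off = dot11_header_len(frame)
    dsap, ssap, c0, c1 = frame[off:off + 4]
    fmt = "I" if c0 & 1 == 0 else ("S" if c0 & 3 == 1 else "U")
    return dsap, ssap, fmt, c1 >> 1, c0 >> 1


def ip_header_checksum_ok(iphdr):
    """One's-complement sum over the header, checksum field included, must
    fold to 0xFFFF. Passing here confirms the header was found at the right offset."""
    total = sum(struct.unpack("!%dH" % (len(iphdr) // 2), iphdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def dissect(frame):
    fc, flags = frame[0], frame[1]
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    seq_ctl = struct.unpack_from("<H", frame, 22)[0]  # little-endian field
    off, pad = locate_llc(frame)
    ethertype = struct.unpack_from("!H", frame, off + 6)[0]
    info = {
        "subtype": fc >> 4,  # 8 = QoS Data
        "to_ds": to_ds, "from_ds": from_ds,
        "seq_num": seq_ctl >> 4, "frag_num": seq_ctl & 0xF,
        "header_len": dot11_header_len(frame), "padding": pad, "llc_offset": off,
        "snap_oui": frame[off + 3:off + 6].hex(), "ethertype": ethertype,
    }
    # Address meaning depends on the ToDS/FromDS bits.
    names = {(True, False): ("bssid", "sa", "da"), (False, True): ("da", "bssid", "sa"),
             (False, False): ("da", "sa", "bssid"), (True, True): ("ra", "ta", "da")}
    for name, pos in zip(names[(to_ds, from_ds)], (4, 10, 16)):
        info[name] = mac(frame[pos:pos + 6])
    if ethertype == 0x0800:
        ip = frame[off + 8:]
        ihl = (ip[0] & 0xF) * 4
        info.update({
            "ip_total_len": struct.unpack_from("!H", ip, 2)[0],
            "ip_proto": ip[9],
            "ip_src": ".".join(map(str, ip[12:16])),
            "ip_dst": ".".join(map(str, ip[16:20])),
            "ip_checksum_ok": ip_header_checksum_ok(ip[:ihl]),
        })
    return info


if __name__ == "__main__":
    for key, value in dissect(FRAME6).items():
        print(f"{key:15} {value}")
    print("LLC read at header end:", llc_without_padding(FRAME6))
```

Run stand-alone, the script prints the decoded fields for the quoted frame: a 26-byte QoS Data header, the SNAP header at offset 28 after 2 bytes of padding, EtherType 0x0800, and an IPv4 header whose checksum verifies, alongside the DSAP 0x40 / SSAP 0x00 / I-frame N(R)=N(S)=85 reading obtained when no padding is skipped. Only the first 20 bytes of the IP packet are in the quoted dump, so the parse stops at the IPv4 header.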