cftmon
Reputation: 203
Wireshark: Parsing packets
I am wondering how does Wireshark parse 802.11 packets.
For example, A probe request packet has a sequence number: 2327.
In the packet details, in hexadecimal it is "70 91", while in ASCII it is "p."
Then how does wireshark get the value "2327" from the packet? Is there a similar example in C?
Upvotes: 1
Views: 1451
Answers (2)
cftmon
Reputation: 203
@caf was right,anyway i post the code on how i extract the Sequence Number..
//this is the subfields
typedef struct seqctl_subfields
{
unsigned fragment:4;
unsigned seq_num:12;
};
struct seqctl_fields *se = (struct seqctl_fields*)p->sc // where p is a struct of the 802.11 header,p->sc points to the sequence control field of the 802.11 header
std::cout << se->seq_num << std::endl;
Upvotes: 0
caf
Reputation: 239011
The 802.11 Sequence Control field is a 16 bit little-endian field that contains two subfields - the upper 12 bits contain the Sequence Number, and the lower 4 bits contain the Fragment Number. In this case:
- Sequence Control = 0x9170
- Sequence Number = 0x917 = 2327 decimal
- Fragment Number = 0x0 = 0
Upvotes: 4
Related Questions
- Parsing WiFi Packets (libpcap)
- Packet parsing in C using struct
- Parsing a .pcap file in plain C
- Binary Packet Parsing
- Parsing a TCP Packet data
- Extracting packet informations using C++
- Parse the incoming packet
- Correct way to parse network packet in C
- constructing and parsing network packet
- How to parse TCP packet payload