Ethereal-dev: [Ethereal-dev] 802.11 decode within LWAPP data frame
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Alain Hubert <ahubert@xxxxxxxxx>
Date: Thu, 29 Sep 2005 18:07:54 +0200 (CEST)
Hi, Using ethereal 0.10.10, the 802.11 decode for 802.11 data frames enclosed within LWAPP are not totally correct. (with swap control field set) I noticed two minor errors: - The RSSI/SNR in the AC->AP direction is the "WLAN identifier" Not sure if it is possible to distinguish it easely within the soft but obviously some packets can only come from the AC. - Fragment/seq number are also wrongly decoded B0->B15 instead B15->B0 BTW, I don't believe there is any swap control field mis-interpretation possibility. The point is that - B0-B1 = version - B2-B3 = type ... The same mistake appears with the fragment/seq number where we have B0-B3 = Frag number and B4-B15 = Seq number while ethereal 0.10.10 now consider B15-B12 = frag number, B11-B0 - seq num. Don't hesitate to correct me if I am wrong. Thanks for your great tool, Alain
Attachment:
lwapp-data.cap
Description: lwapp-data.cap
No. Time Source Destination Protocol Info
10 2005-09-29 14:35:51.933609 100.0.253.3 10.48.74.126 IEEE 802.11 Probe Request
Frame 10 (72 bytes on wire, 72 bytes captured)
Arrival Time: Sep 29, 2005 14:35:51.933609000
Time delta from previous packet: 2.023549000 seconds
Time since reference or first frame: 2.023549000 seconds
Frame Number: 10
Packet Length: 72 bytes
Capture Length: 72 bytes
Protocols in frame: eth:ip:udp:lwapp:wlan
Ethernet II, Src: 00:0b:85:24:e8:90, Dst: 00:0b:85:32:e4:05
Destination: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Source: 00:0b:85:24:e8:90 (10.48.74.126)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.74.126 (10.48.74.126), Dst Addr: 10.48.73.246 (10.48.73.246)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 58
Identification: 0x0035 (53)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0x92aa (correct)
Source: 10.48.74.126 (10.48.74.126)
Destination: 10.48.73.246 (10.48.73.246)
User Datagram Protocol, Src Port: 20105 (20105), Dst Port: 12222 (12222)
Source port: 20105 (20105)
Destination port: 12222 (12222)
Length: 38
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
Version: 0
slotId: 1
.... .0.. = Type: Encapsulated 80211
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0x1d
Length: 24
RSSI: 0xe3
SNR: 0x42
IEEE 802.11
Type/Subtype: Probe Request (4)
Frame Control: 0x0040 (Swapped)
Version: 0
Type: Management frame (0)
Subtype: 4
Flags: 0x0
DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = WEP flag: WEP is disabled
0... .... = Order flag: Not strictly ordered
Duration: 0
Destination address: 00:0b:85:24:e8:90 (10.48.74.126)
Source address: 00:02:8a:d8:de:9a (100.0.253.3)
BSS Id: 00:0b:85:24:e8:90 (10.48.74.126)
Fragment number: 3
Sequence number: 261
IEEE 802.11 wireless LAN management frame
Tagged parameters (0 bytes)
0000 00 0b 85 32 e4 05 00 0b 85 24 e8 90 08 00 45 00 ...2.....$....E.
0010 00 3a 00 35 00 00 7f 11 92 aa 0a 30 4a 7e 0a 30 .:.5.......0J~.0
0020 49 f6 4e 89 2f be 00 26 00 00 08 1d 00 18 e3 42 I.N./..&.......B
0030 00 40 00 00 00 0b 85 24 e8 90 00 02 8a d8 de 9a .@.....$........
0040 00 0b 85 24 e8 90 53 10 ...$..S.
No. Time Source Destination Protocol Info
11 2005-09-29 14:35:52.069158 100.0.253.3 10.48.74.126 IEEE 802.11 Association Request, SSID: "adgar-voice"
Frame 11 (112 bytes on wire, 112 bytes captured)
Arrival Time: Sep 29, 2005 14:35:52.069158000
Time delta from previous packet: 0.135549000 seconds
Time since reference or first frame: 2.159098000 seconds
Frame Number: 11
Packet Length: 112 bytes
Capture Length: 112 bytes
Protocols in frame: eth:ip:udp:lwapp:wlan
Ethernet II, Src: 00:0b:85:24:e8:90, Dst: 00:0b:85:32:e4:05
Destination: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Source: 00:0b:85:24:e8:90 (10.48.74.126)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.74.126 (10.48.74.126), Dst Addr: 10.48.73.246 (10.48.73.246)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 98
Identification: 0x0036 (54)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0x9281 (correct)
Source: 10.48.74.126 (10.48.74.126)
Destination: 10.48.73.246 (10.48.73.246)
User Datagram Protocol, Src Port: 20105 (20105), Dst Port: 12222 (12222)
Source port: 20105 (20105)
Destination port: 12222 (12222)
Length: 78
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
Version: 0
slotId: 1
.... .0.. = Type: Encapsulated 80211
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0x1e
Length: 64
RSSI: 0xea
SNR: 0x49
IEEE 802.11
Type/Subtype: Association Request (0)
Frame Control: 0x0000 (Swapped)
Version: 0
Type: Management frame (0)
Subtype: 0
Flags: 0x0
DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = WEP flag: WEP is disabled
0... .... = Order flag: Not strictly ordered
Duration: 29952
Destination address: 00:0b:85:24:e8:90 (10.48.74.126)
Source address: 00:02:8a:d8:de:9a (100.0.253.3)
BSS Id: 00:0b:85:24:e8:90 (10.48.74.126)
Fragment number: 3
Sequence number: 3845
IEEE 802.11 wireless LAN management frame
Fixed parameters (4 bytes)
Capability Information: 0x2100
.... .... .... ...0 = ESS capabilities: Transmitter is a STA
.... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
.... .... .... 00.. = CFP participation capabilities: Station is not CF-Pollable (0x0000)
.... .... ...0 .... = Privacy: AP/STA cannot support WEP
.... .... ..0. .... = Short Preamble: Short preamble not allowed
.... .... .0.. .... = PBCC: PBCC modulation not allowed
.... .... 0... .... = Channel Agility: Channel agility not in use
.... .0.. .... .... = Short Slot Time: Short slot time not in use
..1. .... .... .... = DSSS-OFDM: DSSS-OFDM modulation allowed
Listen Interval: 0xc800
Tagged parameters (36 bytes)
Tag Number: 0 (SSID parameter set)
Tag length: 11
Tag interpretation: adgar-voice
Tag Number: 1 (Supported Rates)
Tag length: 4
Tag interpretation: Supported rates: 1.0 2.0 5.5 11.0 [Mbit/sec]
Tag Number: 221 (Vendor Specific)
Tag length: 7
Tag interpretation: WME IE: type 2, subtype 0, version 1, parameter set 0
Tag Number: 221 (Vendor Specific)
Tag length: 6
Tag interpretation: Vendor "AironetW" not interpreted
0000 00 0b 85 32 e4 05 00 0b 85 24 e8 90 08 00 45 00 ...2.....$....E.
0010 00 62 00 36 00 00 7f 11 92 81 0a 30 4a 7e 0a 30 .b.6.......0J~.0
0020 49 f6 4e 89 2f be 00 4e 00 00 08 1e 00 40 ea 49 I.N./..N.....@.I
0030 00 00 00 75 00 0b 85 24 e8 90 00 02 8a d8 de 9a ...u...$........
0040 00 0b 85 24 e8 90 53 f0 00 21 00 c8 00 0b 61 64 ...$..S..!....ad
0050 67 61 72 2d 76 6f 69 63 65 01 04 02 04 0b 16 dd gar-voice.......
0060 07 00 50 f2 02 00 01 00 dd 06 00 40 96 01 01 00 ..P........@....
No. Time Source Destination Protocol Info
12 2005-09-29 14:35:52.108063 10.48.74.126 100.0.253.3 IEEE 802.11 Association Response
Frame 12 (81 bytes on wire, 81 bytes captured)
Arrival Time: Sep 29, 2005 14:35:52.108063000
Time delta from previous packet: 0.038905000 seconds
Time since reference or first frame: 2.198003000 seconds
Frame Number: 12
Packet Length: 81 bytes
Capture Length: 81 bytes
Protocols in frame: eth:ip:udp:lwapp:wlan
Ethernet II, Src: 00:0b:85:32:e4:05, Dst: 00:0b:85:24:e8:90
Destination: 00:0b:85:24:e8:90 (10.48.74.126)
Source: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.73.246 (10.48.73.246), Dst Addr: 10.48.74.126 (10.48.74.126)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 67
Identification: 0xe6c0 (59072)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0xac15 (correct)
Source: 10.48.73.246 (10.48.73.246)
Destination: 10.48.74.126 (10.48.74.126)
User Datagram Protocol, Src Port: 12223 (12223), Dst Port: 20105 (20105)
Source port: 12223 (12223)
Destination port: 20105 (20105)
Length: 47
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
Version: 0
slotId: 1
.... .0.. = Type: Encapsulated 80211
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0xbf
Length: 33
RSSI: 0x01
SNR: 0x00
IEEE 802.11
Type/Subtype: Association Response (1)
Frame Control: 0x0010 (Swapped)
Version: 0
Type: Management frame (0)
Subtype: 1
Flags: 0x0
DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = WEP flag: WEP is disabled
0... .... = Order flag: Not strictly ordered
Duration: 0
Destination address: 00:02:8a:d8:de:9a (100.0.253.3)
Source address: 00:0b:85:24:e8:90 (10.48.74.126)
BSS Id: 00:0b:85:24:e8:90 (10.48.74.126)
Fragment number: 0
Sequence number: 0
IEEE 802.11 wireless LAN management frame
Fixed parameters (6 bytes)
Capability Information: 0x2104
.... .... .... ...0 = ESS capabilities: Transmitter is a STA
.... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
.... .... .... 01.. = CFP participation capabilities: Station is CF-Pollable, requesting to be placed on the CF-polling list (0x0001)
.... .... ...0 .... = Privacy: AP/STA cannot support WEP
.... .... ..0. .... = Short Preamble: Short preamble not allowed
.... .... .0.. .... = PBCC: PBCC modulation not allowed
.... .... 0... .... = Channel Agility: Channel agility not in use
.... .0.. .... .... = Short Slot Time: Short slot time not in use
..1. .... .... .... = DSSS-OFDM: DSSS-OFDM modulation allowed
Status code: Successful (0x0000)
Association ID: 0x01c0
Tagged parameters (3 bytes)
Tag Number: 1 (Supported Rates)
Tag length: 1
Tag interpretation: Supported rates: 11.0(B) [Mbit/sec]
0000 00 0b 85 24 e8 90 00 0b 85 32 e4 05 08 00 45 00 ...$.....2....E.
0010 00 43 e6 c0 00 00 7f 11 ac 15 0a 30 49 f6 0a 30 .C.........0I..0
0020 4a 7e 2f bf 4e 89 00 2f 00 00 08 bf 00 21 01 00 J~/.N../.....!..
0030 00 10 00 00 00 02 8a d8 de 9a 00 0b 85 24 e8 90 .............$..
0040 00 0b 85 24 e8 90 00 00 04 21 00 00 c0 01 01 01 ...$.....!......
0050 96 .
No. Time Source Destination Protocol Info
13 2005-09-29 14:35:52.109698 10.48.73.246 10.48.74.126 LWAPP CNTL CONFIGURE_COMMAND
Frame 13 (138 bytes on wire, 138 bytes captured)
Arrival Time: Sep 29, 2005 14:35:52.109698000
Time delta from previous packet: 0.001635000 seconds
Time since reference or first frame: 2.199638000 seconds
Frame Number: 13
Packet Length: 138 bytes
Capture Length: 138 bytes
Protocols in frame: eth:ip:udp:lwapp:data
Ethernet II, Src: 00:0b:85:32:e4:05, Dst: 00:0b:85:24:e8:90
Destination: 00:0b:85:24:e8:90 (10.48.74.126)
Source: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.73.246 (10.48.73.246), Dst Addr: 10.48.74.126 (10.48.74.126)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 124
Identification: 0xe6c1 (59073)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0xabdb (correct)
Source: 10.48.73.246 (10.48.73.246)
Destination: 10.48.74.126 (10.48.74.126)
User Datagram Protocol, Src Port: 12223 (12223), Dst Port: 20105 (20105)
Source port: 12223 (12223)
Destination port: 20105 (20105)
Length: 104
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
Version: 0
slotId: 0
.... .1.. = Type: LWAPP Control Packet
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0xc0
Length: 90
RSSI: 0x00
SNR: 0x00
LWAP Control Message
Control Type: 12
Control Sequence Number: 150
Control Length: 82
Data (86 bytes)
0000 00 0b 85 24 e8 90 00 0b 85 32 e4 05 08 00 45 00 ...$.....2....E.
0010 00 7c e6 c1 00 00 7f 11 ab db 0a 30 49 f6 0a 30 .|.........0I..0
0020 4a 7e 2f bf 4e 89 00 68 00 00 04 c0 00 5a 00 00 J~/.N..h.....Z..
0030 0c 96 00 52 52 cc 56 e6 27 23 fa 1b 04 db e3 2e ...RR.V.'#......
0040 70 ee 23 51 35 a2 79 c4 de 73 32 8b 10 ff a6 65 p.#Q5.y..s2....e
0050 c8 10 cc 99 f9 40 7c 64 a2 09 81 9b 11 d5 70 c7 .....@|d......p.
0060 27 1e 18 3c 37 26 65 88 d8 7e 79 75 9b 81 89 3f '..<7&e..~yu...?
0070 85 3b ff 46 12 9c 73 9a 68 02 30 97 9e 0a f5 33 .;.F..s.h.0....3
0080 c4 47 3e 15 e4 ad 18 fa ca 66 .G>......f
No. Time Source Destination Protocol Info
14 2005-09-29 14:35:52.109881 10.48.74.126 10.48.73.246 LWAPP CNTL CONFIGURE_COMMAND_RES
Frame 14 (62 bytes on wire, 62 bytes captured)
Arrival Time: Sep 29, 2005 14:35:52.109881000
Time delta from previous packet: 0.000183000 seconds
Time since reference or first frame: 2.199821000 seconds
Frame Number: 14
Packet Length: 62 bytes
Capture Length: 62 bytes
Protocols in frame: eth:ip:udp:lwapp:data
Ethernet II, Src: 00:0b:85:24:e8:90, Dst: 00:0b:85:32:e4:05
Destination: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Source: 00:0b:85:24:e8:90 (10.48.74.126)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.74.126 (10.48.74.126), Dst Addr: 10.48.73.246 (10.48.73.246)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x0037 (55)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0x92b2 (correct)
Source: 10.48.74.126 (10.48.74.126)
Destination: 10.48.73.246 (10.48.73.246)
User Datagram Protocol, Src Port: 20105 (20105), Dst Port: 12223 (12223)
Source port: 20105 (20105)
Destination port: 12223 (12223)
Length: 28
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
AP Identity: 00:0b:85:24:e8:90 (10.48.74.126)
Version: 0
slotId: 0
.... .1.. = Type: LWAPP Control Packet
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0x00
Length: 8
RSSI: 0x00
SNR: 0x00
LWAP Control Message
Control Type: 13
Control Sequence Number: 150
Control Length: 0
Data (4 bytes)
0000 00 0b 85 32 e4 05 00 0b 85 24 e8 90 08 00 45 00 ...2.....$....E.
0010 00 30 00 37 00 00 7f 11 92 b2 0a 30 4a 7e 0a 30 .0.7.......0J~.0
0020 49 f6 4e 89 2f bf 00 1c 00 00 00 0b 85 24 e8 90 I.N./........$..
0030 04 00 00 08 00 00 0d 96 00 00 80 48 e4 e0 ...........H..
No. Time Source Destination Protocol Info
15 2005-09-29 14:35:52.110132 100.0.253.3 Airespac_24:e8:9f LLC U, func=UI; SNAP, OUI 0x004096 (Unknown), PID 0x0000
Frame 15 (97 bytes on wire, 97 bytes captured)
Arrival Time: Sep 29, 2005 14:35:52.110132000
Time delta from previous packet: 0.000251000 seconds
Time since reference or first frame: 2.200072000 seconds
Frame Number: 15
Packet Length: 97 bytes
Capture Length: 97 bytes
Protocols in frame: eth:ip:udp:lwapp:wlan:llc:data
Ethernet II, Src: 00:0b:85:24:e8:90, Dst: 00:0b:85:32:e4:05
Destination: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Source: 00:0b:85:24:e8:90 (10.48.74.126)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.74.126 (10.48.74.126), Dst Addr: 10.48.73.246 (10.48.73.246)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 83
Identification: 0x0038 (56)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0x928e (correct)
Source: 10.48.74.126 (10.48.74.126)
Destination: 10.48.73.246 (10.48.73.246)
User Datagram Protocol, Src Port: 20105 (20105), Dst Port: 12222 (12222)
Source port: 20105 (20105)
Destination port: 12222 (12222)
Length: 63
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
Version: 0
slotId: 1
.... .0.. = Type: Encapsulated 80211
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0x1f
Length: 49
RSSI: 0xeb
SNR: 0x4a
IEEE 802.11
Type/Subtype: Data (32)
Frame Control: 0x0108 (Swapped)
Version: 0
Type: Data frame (2)
Subtype: 0
Flags: 0x1
DS status: Frame is entering DS (To DS: 1 From DS: 0) (0x01)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = WEP flag: WEP is disabled
0... .... = Order flag: Not strictly ordered
Duration: 29952
BSS Id: 00:0b:85:24:e8:90 (10.48.74.126)
Source address: 00:02:8a:d8:de:9a (100.0.253.3)
Destination address: 00:0b:85:24:e8:9f (Airespac_24:e8:9f)
Fragment number: 4
Sequence number: 5
Logical-Link Control
DSAP: SNAP (0xaa)
IG Bit: Individual
SSAP: SNAP (0xaa)
CR Bit: Command
Control field: U, func=UI (0x03)
000. 00.. = Command: Unnumbered Information (0x00)
.... ..11 = Frame type: Unnumbered frame (0x03)
Organization Code: Unknown (0x004096)
Protocol ID: 0x0000
Data (17 bytes)
0000 00 0b 85 32 e4 05 00 0b 85 24 e8 90 08 00 45 00 ...2.....$....E.
0010 00 53 00 38 00 00 7f 11 92 8e 0a 30 4a 7e 0a 30 .S.8.......0J~.0
0020 49 f6 4e 89 2f be 00 3f 00 00 08 1f 00 31 eb 4a I.N./..?.....1.J
0030 01 08 00 75 00 0b 85 24 e8 90 00 02 8a d8 de 9a ...u...$........
0040 00 0b 85 24 e8 9f 54 00 aa aa 03 00 40 96 00 00 ...$..T.....@...
0050 00 11 40 01 00 0b 85 24 e8 9f 00 02 8a d8 de 9a ..@....$........
0060 01 .
No. Time Source Destination Protocol Info
16 2005-09-29 14:35:52.111933 100.0.253.3 255.255.255.255 DHCP DHCP Request - Transaction ID 0xae41607e
Frame 16 (408 bytes on wire, 408 bytes captured)
Arrival Time: Sep 29, 2005 14:35:52.111933000
Time delta from previous packet: 0.001801000 seconds
Time since reference or first frame: 2.201873000 seconds
Frame Number: 16
Packet Length: 408 bytes
Capture Length: 408 bytes
Protocols in frame: eth:ip:udp:lwapp:wlan:llc:ip:udp:bootp
Ethernet II, Src: 00:0b:85:24:e8:90, Dst: 00:0b:85:32:e4:05
Destination: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Source: 00:0b:85:24:e8:90 (10.48.74.126)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.74.126 (10.48.74.126), Dst Addr: 10.48.73.246 (10.48.73.246)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 394
Identification: 0x0039 (57)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0x9156 (correct)
Source: 10.48.74.126 (10.48.74.126)
Destination: 10.48.73.246 (10.48.73.246)
User Datagram Protocol, Src Port: 20105 (20105), Dst Port: 12222 (12222)
Source port: 20105 (20105)
Destination port: 12222 (12222)
Length: 374
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
Version: 0
slotId: 1
.... .0.. = Type: Encapsulated 80211
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0x20
Length: 360
RSSI: 0xe9
SNR: 0x48
IEEE 802.11
Type/Subtype: Data (32)
Frame Control: 0x0108 (Swapped)
Version: 0
Type: Data frame (2)
Subtype: 0
Flags: 0x1
DS status: Frame is entering DS (To DS: 1 From DS: 0) (0x01)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = WEP flag: WEP is disabled
0... .... = Order flag: Not strictly ordered
Duration: 29952
BSS Id: 00:0b:85:24:e8:90 (10.48.74.126)
Source address: 00:02:8a:d8:de:9a (100.0.253.3)
Destination address: ff:ff:ff:ff:ff:ff (Broadcast)
Fragment number: 4
Sequence number: 261
Logical-Link Control
DSAP: SNAP (0xaa)
IG Bit: Individual
SSAP: SNAP (0xaa)
CR Bit: Command
Control field: U, func=UI (0x03)
000. 00.. = Command: Unnumbered Information (0x00)
.... ..11 = Frame type: Unnumbered frame (0x03)
Organization Code: Encapsulated Ethernet (0x000000)
Type: IP (0x0800)
Internet Protocol, Src Addr: 100.0.253.3 (100.0.253.3), Dst Addr: 255.255.255.255 (255.255.255.255)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x7623 (30243)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x627e (correct)
Source: 100.0.253.3 (100.0.253.3)
Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Source port: bootpc (68)
Destination port: bootps (67)
Length: 308
Checksum: 0xda76 (correct)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0xae41607e
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 100.0.253.3 (100.0.253.3)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: 00:02:8a:d8:de:9a (100.0.253.3)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option 53: DHCP Message Type = DHCP Request
Option 61: Client identifier
Hardware type: Ethernet
Client MAC address: 00:02:8a:d8:de:9a (100.0.253.3)
Option 12: Host Name = "ahubert-w2k05"
Option 60: Vendor class identifier = "MSFT 5.0"
Option 55: Parameter Request List
1 = Subnet Mask
15 = Domain Name
3 = Router
6 = Domain Name Server
44 = NetBIOS over TCP/IP Name Server
46 = NetBIOS over TCP/IP Node Type
47 = NetBIOS over TCP/IP Scope
31 = Perform Router Discover
33 = Static Route
43 = Vendor-Specific Information
End Option
Padding
0000 00 0b 85 32 e4 05 00 0b 85 24 e8 90 08 00 45 00 ...2.....$....E.
0010 01 8a 00 39 00 00 7f 11 91 56 0a 30 4a 7e 0a 30 ...9.....V.0J~.0
0020 49 f6 4e 89 2f be 01 76 00 00 08 20 01 68 e9 48 I.N./..v... .h.H
0030 01 08 00 75 00 0b 85 24 e8 90 00 02 8a d8 de 9a ...u...$........
0040 ff ff ff ff ff ff 54 10 aa aa 03 00 00 00 08 00 ......T.........
0050 45 00 01 48 76 23 00 00 80 11 62 7e 64 00 fd 03 E..Hv#....b~d...
0060 ff ff ff ff 00 44 00 43 01 34 da 76 01 01 06 00 .....D.C.4.v....
0070 ae 41 60 7e 00 00 00 00 64 00 fd 03 00 00 00 00 .A`~....d.......
0080 00 00 00 00 00 00 00 00 00 02 8a d8 de 9a 00 00 ................
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0150 00 00 00 00 00 00 00 00 63 82 53 63 35 01 03 3d ........c.Sc5..=
0160 07 01 00 02 8a d8 de 9a 0c 0d 61 68 75 62 65 72 ..........ahuber
0170 74 2d 77 32 6b 30 35 3c 08 4d 53 46 54 20 35 2e t-w2k05<.MSFT 5.
0180 30 37 0a 01 0f 03 06 2c 2e 2f 1f 21 2b ff 00 00 07.....,./.!+...
0190 00 00 00 00 00 00 00 00 ........
No. Time Source Destination Protocol Info
17 2005-09-29 14:35:52.153648 1.1.1.1 100.0.253.3 DHCP DHCP ACK - Transaction ID 0xae41607e
Frame 17 (412 bytes on wire, 412 bytes captured)
Arrival Time: Sep 29, 2005 14:35:52.153648000
Time delta from previous packet: 0.041715000 seconds
Time since reference or first frame: 2.243588000 seconds
Frame Number: 17
Packet Length: 412 bytes
Capture Length: 412 bytes
Protocols in frame: eth:ip:udp:lwapp:wlan:llc:ip:udp:bootp
Ethernet II, Src: 00:0b:85:32:e4:05, Dst: 00:0b:85:24:e8:90
Destination: 00:0b:85:24:e8:90 (10.48.74.126)
Source: 00:0b:85:32:e4:05 (Airespac_32:e4:05)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.48.73.246 (10.48.73.246), Dst Addr: 10.48.74.126 (10.48.74.126)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 398
Identification: 0xe6c2 (59074)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0xaac8 (correct)
Source: 10.48.73.246 (10.48.73.246)
Destination: 10.48.74.126 (10.48.74.126)
User Datagram Protocol, Src Port: 12223 (12223), Dst Port: 20105 (20105)
Source port: 12223 (12223)
Destination port: 20105 (20105)
Length: 378
Checksum: 0x0000 (none)
LWAPP Encapsulated Packet
Version: 0
slotId: 1
.... .0.. = Type: Encapsulated 80211
.... ..0. = Fragment: Set
.... ...0 = Fragment Type: Set
Fragment Id: 0xc1
Length: 364
RSSI: 0x01
SNR: 0x00
IEEE 802.11
Type/Subtype: Data (32)
Frame Control: 0x0208 (Swapped)
Version: 0
Type: Data frame (2)
Subtype: 0
Flags: 0x2
DS status: Frame is exiting DS (To DS: 0 From DS: 1) (0x02)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = WEP flag: WEP is disabled
0... .... = Order flag: Not strictly ordered
Duration: 0
Destination address: 00:02:8a:d8:de:9a (100.0.253.3)
BSS Id: 00:0b:85:24:e8:90 (10.48.74.126)
Source address: 00:0b:85:24:e8:90 (10.48.74.126)
Fragment number: 0
Sequence number: 0
Logical-Link Control
DSAP: SNAP (0xaa)
IG Bit: Individual
SSAP: SNAP (0xaa)
CR Bit: Command
Control field: U, func=UI (0x03)
000. 00.. = Command: Unnumbered Information (0x00)
.... ..11 = Frame type: Unnumbered frame (0x03)
Organization Code: Encapsulated Ethernet (0x000000)
Type: IP (0x0800)
Internet Protocol, Src Addr: 1.1.1.1 (1.1.1.1), Dst Addr: 100.0.253.3 (100.0.253.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 332
Identification: 0x0000 (0)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: UDP (0x11)
Header checksum: 0x579b (correct)
Source: 1.1.1.1 (1.1.1.1)
Destination: 100.0.253.3 (100.0.253.3)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Source port: bootps (67)
Destination port: bootpc (68)
Length: 312
Checksum: 0xd50f (correct)
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0xae41607e
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 100.0.253.3 (100.0.253.3)
Your (client) IP address: 100.0.253.3 (100.0.253.3)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: 00:02:8a:d8:de:9a (100.0.253.3)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option 53: DHCP Message Type = DHCP ACK
Option 54: Server Identifier = 1.1.1.1
Option 51: IP Address Lease Time = 1 day
Option 1: Subnet Mask = 255.255.255.0
Padding
End Option
Padding
0000 00 0b 85 24 e8 90 00 0b 85 32 e4 05 08 00 45 00 ...$.....2....E.
0010 01 8e e6 c2 00 00 7f 11 aa c8 0a 30 49 f6 0a 30 ...........0I..0
0020 4a 7e 2f bf 4e 89 01 7a 00 00 08 c1 01 6c 01 00 J~/.N..z.....l..
0030 02 08 00 00 00 02 8a d8 de 9a 00 0b 85 24 e8 90 .............$..
0040 00 0b 85 24 e8 90 00 00 aa aa 03 00 00 00 08 00 ...$............
0050 45 00 01 4c 00 00 00 00 ff 11 57 9b 01 01 01 01 E..L......W.....
0060 64 00 fd 03 00 43 00 44 01 38 d5 0f 02 01 06 00 d....C.D.8......
0070 ae 41 60 7e 00 00 00 00 64 00 fd 03 64 00 fd 03 .A`~....d...d...
0080 00 00 00 00 00 00 00 00 00 02 8a d8 de 9a 00 00 ................
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0150 00 00 00 00 00 00 00 00 63 82 53 63 35 01 05 36 ........c.Sc5..6
0160 04 01 01 01 01 33 04 00 01 51 80 01 04 ff ff ff .....3...Q......
0170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0190 00 00 00 00 00 00 00 ff 00 00 00 00 ............
- Prev by Date: [Ethereal-dev] Has anyone seen TACACS+ Decryption work?
- Next by Date: [Ethereal-dev] Link errors compiling for win32
- Previous by thread: [Ethereal-dev] Filtering for hostnames no longer works under Windows?
- Next by thread: [Ethereal-dev] Link errors compiling for win32
- Index(es):
