How to differentiate between different versions of 802.11?

asked 2021-04-28 17:18:27 +0000

dc159 gravatar image

I am trying to analyze 802.11p traffic using tcpdump and/or Wireshark. I want to know how one can differentiate between different versions of 802.11.

Can someone kindly help me out.

I have understood that there is no standard way to differentiate between different versions of 802.11 and also there is no field in the frames to tell which version of 802.11 is used.

For example, how would one tell if a packet uses 802.11bd or 802.11a/n/ac?

I also know that detecting 802.11p packets is easy because they use a channel width of 10 or 5 MHz and since non of the others use this channel width then I am sure that the packet is of type 11p.

But what about 802.11bd which is retro compatible with 802.11p?

If I am asking on the wrong website can you please kindly tell me where should i ask this question if not here?

edit retag flag offensive close merge delete

Comments

Are you capturing the packets in the air or the wired LAN of the WIFI router? 802.11 is the WIFI and 802.3 is Ethernet.

BigFatCat gravatar imageBigFatCat ( 2021-04-28 18:06:51 +0000 )edit

Hi, packets are captured in the air using interface in monitor mode

dc159 gravatar imagedc159 ( 2021-04-28 19:51:09 +0000 )edit

I have never captured 802.11p. My understanding is 802.1bd is 20 MHz compared to 802.1p 10 Mhz. I would suspect that the radiotap header would say 20 Mhz.

BigFatCat gravatar imageBigFatCat ( 2021-04-30 19:33:40 +0000 )edit

Hi, yes. How would a device know if it can handle a certein version of the protocol? What i think is that the tranceiver is capable of understanding all types of traffic(depending on the type of device) but when then connection happens in a BSS(not talking about 802.11p or bd) the router shares the capabilities and the device verify if it supports these. Could it be? But if 802.11bd, which is 20MHz, shares the band with another version of the protocol(supposed to work inside a BSS) then it is up to the device to decided how it is gona work(depending if it is in managed or OCB mode). In monitor mode the device would end up seeing all types of traffic and the only why to filter the two types would be to look for the capabilities and the type/subtype of the frame i guess.

dc159 gravatar imagedc159 ( 2021-05-08 02:19:45 +0000 )edit