Revision history [back]

I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header. For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 1 (Ethernet-II) in ProtocolType. It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.

I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.

Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.

Did I missed something obvious?

I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header. For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 1 (Ethernet-II) in ProtocolType. It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.

I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.

Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.

Tested in WireShark 2.2.17 and 2.6.3.

Did I missed something obvious?

I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header. For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 1 4 (Ethernet-II) in ProtocolType. It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.

I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.

Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.

Tested in WireShark 2.2.17 and 2.6.3.

Did I missed something obvious?

I need to capture simultaneously on 2 interfaces (802.11 in monitor mode and Ethernet). Wireshark displays packets with a SLL prefix but cannot decode the Wifi packets and the associated RadioTap header. For those packets, the SLL contains 803 (802.11+RadioTap) in ARPHRD and 4 (Ethernet-II) in ProtocolType. It seems Wireshark is using the ProtocolType as the hint and completely ignore the ARPHRD.

I think there's no protocolType assigned in if_ether.h for RadioTap and decoding as ethernet cannot work. I even disabled all protocol dissectors (except SLL, Radiotap and 802.11) and Wireshark still cannot decode.

Since there's no protocolType assigned for Radiotap I think the SLL dissector should use ARPHRD value as the principal hint because it is explicit: the first portion must be decoded as RadioTap and the second as 802.11.

Tested in WireShark 2.2.17 and 2.6.3.

Did I missed something obvious?