How are wlan.bssid and wlan.staa obtained?

I'm currently digging around WLAN analysis and was not able to grasp how those two fields (wlan.bssid and wlan.staa) are obtained. For example, here are two images presenting only the packets available for analysis:

bssid:

https://i.imgur.com/Y1acfak.png

staa (IPs hidden):

https://i.imgur.com/H5SXS9o.png

How does Wireshark know that those packets originate from an AP or a station? I thought the only way was to see if it's a beacon/probe resp for an AP, and a probe request for a station. The whole idea is to differentiate between station and AP by the most available clues there are.

I've dug around the source code to try to understand how, but was not successful.

EDIT: I was able to find a picture that derives the bssid from the to ds/from ds fields. Maybe that's exactly the way? How STAA is obtained is still a question. imgur
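
Added example, not part of the original post and not Wireshark's dissector code: the standard 802.11 header layout the EDIT refers to, where the To DS/From DS bits decide which address is the BSSID and, for infrastructure data frames, which end is the station. The function names and sample MAC addresses are constructed for illustration.

```python
# Added example: map 802.11 header addresses to BSSID / station roles using
# the To DS and From DS bits. Input is a bare 802.11 MAC header (no radiotap).

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def roles(frame: bytes) -> dict:
    """Return {'bssid': ..., 'sta': ..., 'case': ...} for a mgmt or data frame."""
    if len(frame) < 24:
        raise ValueError("need at least a 24-byte 802.11 MAC header")
    ftype = (frame[0] >> 2) & 0x3          # 0 = management, 1 = control, 2 = data
    to_ds, from_ds = frame[1] & 0x01, (frame[1] >> 1) & 0x01
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype not in (0, 2):
        raise ValueError("control/extension frames use a different address layout")
    if ftype == 0 or (to_ds, from_ds) == (0, 0):
        # Management, IBSS or direct frames: Address 3 is the BSSID; the DS bits
        # alone do not say which side is the AP.
        return {"bssid": mac(a3), "sta": None, "case": "no DS"}
    if (to_ds, from_ds) == (1, 0):
        # Station -> AP: Address 1 is the BSSID, Address 2 the transmitting station.
        return {"bssid": mac(a1), "sta": mac(a2), "case": "to DS"}
    if (to_ds, from_ds) == (0, 1):
        # AP -> station: Address 2 is the BSSID, Address 1 the receiver.
        # A group (broadcast/multicast) receiver identifies no single station.
        sta = None if a1[0] & 0x01 else mac(a1)
        return {"bssid": mac(a2), "sta": sta, "case": "from DS"}
    # Both bits set: four-address (WDS/mesh) frame, no BSSID field in the header.
    return {"bssid": None, "sta": None, "case": "4-address"}

def build(fc0: int, flags: int, a1: bytes, a2: bytes, a3: bytes) -> bytes:
    """Constructed test header: frame control, duration, 3 addresses, seq ctrl."""
    return bytes([fc0, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"

# Constructed sample addresses (locally administered), not from the capture above.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
PEER = bytes.fromhex("020000000003")
BCAST = b"\xff" * 6

if __name__ == "__main__":
    for name, f in [("beacon", build(0x80, 0x00, BCAST, AP, AP)),
                    ("uplink data", build(0x08, 0x01, AP, STA, PEER)),
                    ("downlink data", build(0x08, 0x02, STA, AP, PEER)),
                    ("downlink bcast", build(0x08, 0x02, BCAST, AP, PEER))]:
        print(name, roles(f))
```

The "no DS" case is where frame subtype (beacon or probe response versus probe request) is still needed to tell an AP from a station.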