I'm digging around wlan analysis currently, and was not able to grasp - how are those two fields (wlan.bssid and wlan.staa) get obtained? For example, here are two images presenting only packets, available for analysis:
bssid:
staa (hidden the IP's):
(
How does wireshark know, that those packets originate from a AP or station? I thought only way was to see if its a beacon/probe resp for an AP, and probe request for station. The whole idea is to differetiate between station and AP by the most available clues there are.
I've digged around source code to try to understand how, but was not succesfull.