Thread: Decoding prism:wlan packet from rt73 driver

  1. #1
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    2

    Decoding prism:wlan packet from rt73 driver

    Hi All,
    I am trying to decode beacon frames captured using the rt73 driver and libpcap with the jnetpcap Java wrapper. Wireshark tells me the protocols in this frame are prism:wlan. I have stripped off the prism header (144 bytes) and retrieved all the data successfully.
    The next step is to strip off the WLAN header and decode. I am getting sensible information for source and destination MAC addresses when compared to Wireshark. However, the problem seems to be with the Frame Control bytes. According to the specifications the first two bytes are Frame Control. One of these bytes has the protocol version, type and subtype. Due to big-endian/little-endian reading/writing I am not sure which one I have, but I know it's a beacon frame so one of these bytes should have type=0 and subtype=8. So that's |protocol 2 bytes|type 2 bytes|subtype 4 bytes|.
    My binary should be 00001000. What I actually get is 10000000.
    The other byte is all 0's. So whatever way you spin it this is never going to give you subtype 8.

    So the question is, is there some buffer/padding between the prism header and the WLAN header? If so how do I find my position in the WLAN header?

    Thanks in advance, Paul.

  2. #2
    Member DigiP's Avatar
    Join Date
    Jan 2010
    Location
    NJ
    Posts
    57

    I'm not sure if this will help, but when you configure your card to capture, do you enter

    Code:
    iwpriv rausb0 forceprism 1
    I think that fixes the correct prism header (or I could be wrong) so you can decode it the way you were wanting to.

  3. #3
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    2

    I have not used forceprism. I cannot find any information on what this does. I assume that it forces the interface card to append the prism header. This is done by default and I can decode this correctly anyway. So I am not sure what you are suggesting here.
    I have tried forceprism 1 and forceprism 0. Both give the same result. My problem is with the encapsulated 802.11 packet. Are you suggesting that the prism header is interfering somehow?

    Thanks for the reply.
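
Added example, not part of any post in this thread: a Python decoder for the 802.11 Frame Control field behind a prism header. 802.11 numbers Frame Control bits from the least significant bit of the first byte, so 10000000 (0x80) reads as version 0, type 0, subtype 8. Assumptions: the prism header carries its own length as a 32-bit little-endian `msglen` at byte offset 4, and the sample packet, names and MAC address are constructed for illustration.

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
MGMT_SUBTYPES = {0: "assoc-req", 4: "probe-req", 5: "probe-resp",
                 8: "beacon", 11: "auth", 12: "deauth"}

def prism_length(packet: bytes) -> int:
    """Read msglen (bytes 4..7, assumed little-endian) instead of hard-coding 144."""
    if len(packet) < 8:
        raise ValueError("too short for a prism header")
    (msglen,) = struct.unpack_from("<I", packet, 4)
    if not 8 <= msglen <= len(packet) - 2:
        raise ValueError(f"implausible prism msglen {msglen}")
    return msglen

def parse_frame_control(fc: bytes) -> dict:
    """Decode the 2-byte Frame Control field, first byte on the wire first."""
    if len(fc) < 2:
        raise ValueError("Frame Control needs 2 bytes")
    b0, b1 = fc[0], fc[1]
    return {
        "version": b0 & 0x03,         # bits 0-1 (least significant)
        "type": (b0 >> 2) & 0x03,     # bits 2-3
        "subtype": (b0 >> 4) & 0x0F,  # bits 4-7 (most significant)
        "to_ds": bool(b1 & 0x01),
        "from_ds": bool(b1 & 0x02),
        "protected": bool(b1 & 0x40),
    }

def describe(packet: bytes) -> str:
    """Skip the prism header and name the encapsulated 802.11 frame."""
    off = prism_length(packet)
    fc = parse_frame_control(packet[off:off + 2])
    kind = FRAME_TYPES[fc["type"]]
    if fc["type"] == 0:
        return f"{kind}/{MGMT_SUBTYPES.get(fc['subtype'], fc['subtype'])}"
    return f"{kind}/{fc['subtype']}"

# Constructed sample: 144-byte prism header (msgcode, msglen, device name,
# zero padding) followed by a minimal 24-byte beacon MAC header.
PRISM = struct.pack("<II16s", 0x44, 144, b"rausb0").ljust(144, b"\x00")
BEACON = (bytes([0x80, 0x00]) + b"\x00\x00" + b"\xff" * 6
          + bytes.fromhex("001122334455") * 2 + b"\x00\x00")
SAMPLE = PRISM + BEACON

if __name__ == "__main__":
    print(f"{SAMPLE[144]:08b}", describe(SAMPLE))  # first Frame Control byte
```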
