0
I'm building a (Python) parser of PcapNG files created by Wireshark.
After reading https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html, I'm having the following problems:
I'd like to determine each packet's protocol variant (802.11b, 802.11a, 802.11g or 802.11n).
However, the PcapNG defines only the following link types:- LINKTYPE_IEEE802_11 105 IEEE 802.11 (wireless)
- LINKTYPE_IEEE802_11_RADIO 127 802.11 plus BSD radio header
Is there a way to find the protocol variant inside a PcapNG trace file?
Is there a way to decipher the data inside the packet_payload_info, e.g. in the following:
EnhancedPacket(interface_id=0, timestamp_high=332139, timestamp_low=2801116213L, packet_payload_info=(57, 57, '\x00\x00\x19\x00o\x08\x00\x00\tJ\xb2&\x00\x00\x00\x00\x12\x18q\x16@\x01\xca\xaa\x00\x94\x00\x00\x00`\x92\x175\x00\x01\xf4\x0f\x1b\xb8sL\x04\x00\xc0#\xff\xff\xff\xff\xff\xff\xff\xffX\xd0Y\'), options=Options({}))
boardrider
Posted 2015-03-30T07:21:28.940
Reputation: 615
SuperUser (and all the StackExchange network sites, really) tend to work a lot better if you ask separate questions in separate Question posts, rather than putting two only semi-related questions into a single Question post like you did here. Consider editing this Question post to remove the second question item, and post that as a separate Question post. – Spiff – 2015-03-30T18:16:45.090