Is there an ethernet header in IEEE 802.11

1

I have been capturing some packets over wifi using wireshark for analysis. If I captured IEEE 802.11 frames on an interface in monitor mode. If I capture an IEEE packet on an open network without encryption then I cannot see any ethernet headers. However if I capture the same packets on a usual interface(not in monitor mode), then I can see ethernet headers. I was not able to decrypt wpa packets captured in monitor mode for more analysis. So is there actually an ethernet layer when an IEEE packet is transmitted? Or is it removed from the frame by the driver before delivering to applications listening on the upper layers?

Here is a packet missing ethernet layer. enter image description here


This is how the packet looks like on capturing on a usual interface(not in monitor), exactly like a capture on a wired networkenter image description here

Sunny

Posted 2015-11-11T08:04:48.113

Reputation: 159

Answers

3

Is there an ethernet header in IEEE 802.11

No. There's an 802.11 header.

However, on most operating systems, when you capture network traffic on an 802.11 device, and you're not capturing in monitor mode, the hardware and/or driver provide packets with a fake Ethernet header to the program that's doing the capturing, so it looks as if there's an Ethernet header.

user164970

Posted 2015-11-11T08:04:48.113

Reputation:

Asked: 2015-11-11T08:04:48.113

Viewed: 292 times

Active: 2015-11-11T08:14:20.090