diff options
| author | Joerg Mayer <jmayer@loplof.de> | 2016-05-11 13:37:47 +0200 |
|---|---|---|
| committer | Jörg Mayer <jmayer@loplof.de> | 2016-05-11 11:41:18 +0000 |
| commit | f1c697ff70631df88ffc485a0d07939894a67af5 (patch) | |
| tree | eb8c40693c042e67814d5cafa1a5729625019c1a /epan/dissectors/packet-cisco-wids.c | |
| parent | 505bf5945b4ffc14173142e1fd817a2e928d79b1 (diff) | |
Decode the first 6 bytes of Unknown1 as Timestamp: Two recorded Beacons
had the identical difference in the timestamp and unknown1 value, and
the difference was almost identical to the beacon interval (102398 vs 102400us).
Change-Id: Ic3fe8c1b52f3e9852ffdeae0fda79c5cb2e1482b
Reviewed-on: https://code.wireshark.org/review/15368
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Diffstat (limited to 'epan/dissectors/packet-cisco-wids.c')
| -rw-r--r-- | epan/dissectors/packet-cisco-wids.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/epan/dissectors/packet-cisco-wids.c b/epan/dissectors/packet-cisco-wids.c index 462ccbaa6b..833059d5ec 100644 --- a/epan/dissectors/packet-cisco-wids.c +++ b/epan/dissectors/packet-cisco-wids.c @@ -57,6 +57,7 @@ static guint global_udp_port = 0; static int proto_cwids = -1; static int hf_cwids_version = -1; +static int hf_cwids_timestamp = -1; static int hf_cwids_unknown1 = -1; static int hf_cwids_channel = -1; static int hf_cwids_unknown2 = -1; @@ -97,8 +98,10 @@ dissect_cwids(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U phdr.phy = PHDR_802_11_PHY_UNKNOWN; proto_tree_add_item(cwids_tree, hf_cwids_version, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; - proto_tree_add_item(cwids_tree, hf_cwids_unknown1, tvb, offset, 7, ENC_NA); - offset += 7; + proto_tree_add_item(cwids_tree, hf_cwids_timestamp, tvb, offset, 6, ENC_NA); + offset += 6; + proto_tree_add_item(cwids_tree, hf_cwids_unknown1, tvb, offset, 1, ENC_NA); + offset += 1; phdr.has_channel = TRUE; phdr.channel = tvb_get_guint8(tvb, offset); proto_tree_add_item(cwids_tree, hf_cwids_channel, tvb, offset, 1, ENC_BIG_ENDIAN); @@ -139,9 +142,13 @@ proto_register_cwids(void) { "Capture Version", "cwids.version", FT_UINT16, BASE_DEC, NULL, 0x0, "Version or format of record", HFILL }}, + { &hf_cwids_timestamp, + { "Timestamp [us]", "cwids.timestamp", FT_BYTES, BASE_NONE, NULL, + 0x0, NULL, HFILL }}, + { &hf_cwids_unknown1, { "Unknown1", "cwids.unknown1", FT_BYTES, BASE_NONE, NULL, - 0x0, "1st Unknown block - timestamp?", HFILL }}, + 0x0, "1st Unknown block", HFILL }}, { &hf_cwids_channel, { "Channel", "cwids.channel", FT_UINT8, BASE_DEC, NULL, |