I have been capturing some packets over wifi using wireshark for analysis. If I captured IEEE 802.11 frames on an interface in monitor mode. If I capture an IEEE packet on an open network without encryption then I cannot see any ethernet headers. However if I capture the same packets on a usual interface(not in monitor mode), then I can see ethernet headers. I was not able to decrypt wpa packets captured in monitor mode for more analysis. So is there actually an ethernet layer when an IEEE packet is transmitted? Or is it removed from the frame by the driver before delivering to applications listening on the upper layers?
Here is a packet missing ethernet layer.
This is how the packet looks like on capturing on a usual interface(not in monitor), exactly like a capture on a wired network
Add a comment
|
1 Answer
Is there an ethernet header in IEEE 802.11
No. There's an 802.11 header.
However, on most operating systems, when you capture network traffic on an 802.11 device, and you're not capturing in monitor mode, the hardware and/or driver provide packets with a fake Ethernet header to the program that's doing the capturing, so it looks as if there's an Ethernet header.