Interpreting Frame Control bytes in 802.11 Wireshark trace

Question

I have a Wi-Fi capture (.pcap) that I\'m analysing and have run across what appear to me to be inconsistencies between the 802.11 spec and Wireshark\'s interpretati

Answer 1

I am using wireshark version-2.4.3 on windows. My capture file of dataframes is like below.

Frame control field = 0x0842 i.e., in binary format 0000 1000 0100 0010 
Framecontrol flag field = 0x42.i.e., in binary format 0100 0010

So, as per my understanding the LSB 8bits in a framecontrol field will correspond to flags.

MSB 8bits will correspond to subtype, type, version i.e. in my case 0000-subtype & 10-type & 00-version.

Which is data frame of subtype 0.

It might be the error with wireshark in your case. It should dispaly frame control field as 0x0822 instead of 0x2208.

Flags field is properly displayed as 0x22.

In My case I am using wireshark-2.4.3 and display of frame control field is correct 0x0842 where flags is 0x42.

My_capture_file: