I'm developing a IEEE802.11 frame parser program using libpcap inside Linux with raw C. I can parse RadioTap and IEEE802.11 headers easily but I can't find out the protocol name which is encapsulated inside the IEEE802.11 MPDU. Unfortunatly there isn't any field in IEEE802.11 header indicating the encapsulated protocol (like protocol field in Ethernet header).
Any solution?
Data of IEEE802.11 data packets is encapsulated in a LLC header (See here):
An 802.11 frame should contain an LLC header if, and only if, it's a Data frame. The frame type and subtype are part of the Frame Control field in the MAC header; Data is one of the frame type values (the others are Control and Management). The subtype doesn't matter - all Data frames should contain an LLC header, and no other frames should.
There are two kinds of LLC header: 3 bytes, 8 bytes . IEEE 802.11 uses the second one (See here). In that one, the two last bytes of LLC header is equivalent to Ether Type field in Ethernet protocol. So 0x800 for this field means IPv4 for example.