On Friday 20 November 2015 15:42:36 Patrick Bosch wrote:
ICMP should be encapsulated by IP, which is encapsulated by the Wi-Fi mac header. Now I know that batman advanced inserts it's own header. The question is, where exactly? Does it encapsulate the Wi-Fi mac and takes over the integrity check or not? Also, how does it behave in the case of enabled encryption? WPA2 has it's own integrity check.
Layers:
4. ICMP 3. IP 2.5: batman-adv + the original ethernet header 2. Eth/WiFi/... 1. ...
So it just doesn't know about the encryption because the encryption + MIC happens at a lower layer.
The reason I ask, is that in Wireshark, it appears as ICMP when I sniff the traffic without encryption enabled.
Wireshark (especially 2.0) can dissect/parse the batman-adv headers/encapsulation. You should check the "Packet Details" view in wireshark to see the different headers and the payload.
Kind regards, Sven