Hey, hope this is the right place for this kind of issue.
So I've been dealing with Authentication/Deauth and Association WLAN packets, and noticed that some fields are parsed by Wireshark's dissectors as little Endian, but are sent by Cisco WLC as big Endian (at least I think they are).
The Deauthentication packet sent with reason code bytes of - 0017. This is parsed by Wireshark as little Endian, which is 0x1700. There is no reason code known for this number (5888). On the other side, if we parse this as big Endian, we get 0x0017 = 23 - IEEE 802.1X authentication failed, which makes sense.
This is the packet:
These are the reason codes:
On the same note, I see Authentication packets sent with the Authentication Algorithm of 0x002 (which is parsed by wireshark as 512 - unknown due to the issue above). But, as far as I know, there are only 2 possible Algorithms:
0 - Open System.
1 - Shared Key.
What is 2?
If anyone came across any of these issues, I would love to hear your insights.