What's the difference between wlan.sa, wlan.ra, wlan.ta and wlan.da?
The descriptions from the manual don't make a lot of sense to me. I'd think there would be -just like an ethernet frame- just a source MAC address and a destination MAC address.
Sorry, that's not how IEEE Std 802.11 works. It's not a simple network technology in which hosts always send packets directly to another host; many 802.11 networks involve an access point that forwards packets between machines on the network.
If, for example, a host with the MAC address 00:02:04:06:08:0a sends a packet to another host with the MAC address 0a:08:06:04:02:00, and they're both on a network using an access point with the MAC address 10:12:14:16:18:1a, the source address, wlan.sa, is 00:02:04:06:08:0a, the destination address, wlan.da, is 0a:08:06:04:02:00, and the receiver address, wlan.ra, is 10:12:14:16:18:1a, as the packet will go to the access point.
When the access point transmits that packet to the destination host, for that packet the source address, wlan.sa, is again 00:02:04:06:08:0a, the destination address, wlan.da, is again 0a:08:06:04:02:00, and the transmitter address, wlan.ta, is 10:12:14:16:18:1a, as the packet is coming from the access point.
In a more complicated network with multiple access points (an "extended service set"), access points may forward packets to each other, in which case all four addresses could be set, with wlan.ta being the MAC address of the sending access point and wlan.ra being the MAC address of the receiving access point.
So:
Also, what would be the best equivalent of
eth.srcandeth.dst(of ethernet frames)?
wlan.sa and wlan.da.
Which field represents the wireless client's MAC address?
wlan.sa.
If you search for "802.11 tutorial" on the Web, some of the tutorials it shows might be useful.
If you're willing to "take a drink from the firehose", there's always the 802.11 standards themselves.
From https://supportforums.cisco.com/document/52391/80211-frames-starter-guide-learn-wireless-sniffer-traces:
"Destination Address (DA) : Final recipient of the frame
Source Address (SA) : Original source of the frame
Receiver Address (RA) : Immediate receiver of the frame
Transmitter Address (TA) : Immediate sender of the frame"
Their values are interpreted in combination with values of To DS, From DS (To / From - distribution system):
To DS=0, From DS=0
A frame sent between two stations not being APs in a BSS or IBSS. It is also the case for all management and control frames (directly sent to the AP and not the DS)
To DS=0, From DS=1
A frame sent by a station for an AP (destined to the DS)
To DS=1, From DS=0
A frame exiting the DS for a station.
To DS=1,From DS=1
Only frame using all four addresses fields. Seen in Wireless DS (mesh, repeater, …) where an AP sends a frame to another AP, it is exiting the DS and destined to the DS at the same time in that situation.