Wireshark mailing list archives

Re: Got "Radiotap data goes past the end of the radiotap header" for Npcap's radiotap header.


From: Guy Harris <guy () alum mit edu>
Date: Sat, 9 Apr 2016 02:33:43 -0700

On Apr 9, 2016, at 1:09 AM, Yang Luo <hsluoyb () gmail com> wrote:

> However, most information of the radiotap header is zero like below. The most commonly seen TSFT field (I thought) is
> not there. Although I didn't implement some fields like "Rate" yet, I still feel it's too blank?
> Maybe this is because the underlying network card driver doesn't implement so many 802.11 OOB data,

It could be:

        
https://social.technet.microsoft.com/Forums/en-US/624a6148-f8ed-4be0-819e-924ae3cd3dda/wifi-in-netmon-dealing-with-broken-monitor-mode-implementations-in-the-drivers?forum=netmon

Michael Berg of Tamosoft has also noted that the quality of the metadata supplied by Native Wi-Fi drivers for 
Windows... *varies*.  (Unfortunately, I think that was in some tweets he posted, and Twitter makes it *really hard* to 
search - it seems not to find reply tweets, which I think his comments were.)

> The radiotap header of one of my 802.11 packets is like this:
>
> --------------------------------------------------------
> Radiotap Header v0, Length 15
>   Header revision: 0
>   Header pad: 0
>   Header length: 15
>   Present flags
>   Flags: 0x00
>   Channel frequency: 0

If the channel frequency is 0, that probably means that it's not supplied, so don't provide a Channel field.

>   Channel flags: 0x0000
>   SSI Signal: -47 dBm
> --------------------------------------------------------
>
> The only field with non-zero values is SSI Signal.
> Sometimes it is -46 dBm, sometimes -47 dBm, and most times it is also 0 dBm.

That might mean that it's not supplying a signal strength; it means "1 milliwatt", which seems to be a lot stronger 
than the signals I typically see, so it's probably not a valid value.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
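
The checks discussed in this message, as an added example that is not part of the original thread or of Wireshark or Npcap code: a minimal radiotap walker that honours the present bitmap, field alignment and the header length, and flags the "not supplied" values mentioned above. It handles only TSFT, Flags, Rate, Channel and dBm Antenna Signal; the function name and the sample bytes are constructed for illustration.

```python
import struct

# Fields mentioned in the thread: (present bit, name, size, alignment, format).
FIELDS = [
    (0, "tsft", 8, 8, "<Q"),
    (1, "flags", 1, 1, "<B"),
    (2, "rate", 1, 1, "<B"),
    (3, "channel", 4, 2, "<HH"),        # frequency in MHz, channel flags
    (5, "dbm_antsignal", 1, 1, "<b"),   # signed dBm
]
KNOWN_MASK = sum(1 << bit for bit, *_ in FIELDS)


def parse_radiotap(buf):
    """Return (fields, warnings); raise ValueError on a malformed header."""
    if len(buf) < 8:
        raise ValueError("buffer shorter than the fixed 8-byte radiotap header")
    version, _pad, it_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unsupported radiotap version")
    if it_len < 8 or it_len > len(buf):
        raise ValueError("header length outside the captured data")
    if present & ~KNOWN_MASK:
        raise ValueError("present bit not handled by this example")
    fields, offset = {}, 8
    for bit, name, size, align, fmt in FIELDS:
        if not present & (1 << bit):
            continue
        offset = (offset + align - 1) & ~(align - 1)  # aligned from header start
        if offset + size > it_len:
            raise ValueError(f"{name}: radiotap data goes past the end of the radiotap header")
        value = struct.unpack_from(fmt, buf, offset)
        fields[name] = value[0] if len(value) == 1 else value
        offset += size
    warnings = []
    if "channel" in fields and fields["channel"][0] == 0:
        warnings.append("channel frequency 0: probably not supplied by the driver")
    if fields.get("dbm_antsignal") == 0:
        warnings.append("signal 0 dBm (1 mW): probably not a valid value")
    return fields, warnings


# Constructed sample matching the dump in the thread: length 15, Flags 0x00,
# Channel 0 / 0x0000, signal -47 dBm (present = Flags | Channel | signal = 0x2a).
SAMPLE = struct.pack("<BBHI", 0, 0, 15, 0x2A) + bytes(2) + struct.pack("<HHb", 0, 0, -47)

if __name__ == "__main__":
    print(parse_radiotap(SAMPLE))
```

The one pad byte after Flags is what makes the quoted header 15 bytes long: Channel needs 2-byte alignment, so it starts at offset 10 and the signal byte lands at offset 14.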

