tcpdump mailing list archives

RFC: 802.11 radio capture header


From: David Young <dyoung () pobox com>
Date: Sat, 2 Aug 2003 17:11:49 -0500

I have attached the header file (ieee802_11_radio.h) defining an improved
(IMHO) generic 802.11 radio capture format. I have also attached patches
containing my implementation for tcpdump. Please consider this format
for adoption by tcpdump.

The idea behind this capture format is that

* it is generic: it suits radio parts by Cisco/Aironet, ADMtek,
  AMD 79c930, Prism 2.x, TI, Atheros, Atmel, and Realtek.

* it is extensible: if new hardware provides useful new radio
  information, you can add it to this capture format without breaking
  existing parsers for the capture format.

* it conserves bandwidth: the capture header length can vary
  with the content of the header; drivers can take advantage when
  libpcap finally groks variable-length headers. 

* it is more informative than previous radio headers: the units and
  meaning for each field are rigidly specified; fields can be left out
  which are meaningless in context (e.g., Rx signal strength can be left
  out of transmitted frames).

* it supports advanced wireless applications: existing sniffer
  apps (dsniffer, kismet) can be adapted to use this format, for universal
  radio support; wireless router algorithms can monitor a link and assign
  costs based on S/N ratio or on peers' data rate; stations can share
  S/N information with each other to support improved rate adaptation;
  and so on.

Here is an example capture:

sudo ./tcpdump -ne -y ieee802_11_radio -s 256 -i wi0
Password:
tcpdump: data link type ieee802_11_radio
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wi0, link-type 127, capture size 256 bytes
01:17:58.503262 2.0 Mb/s -64dB signal -73dB noise 2762646109us mactime BSSID:00:05:5d:da:ac:a8 DA:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 Authentication (Open System)-1: Succesful
01:17:58.503292 2.0 Mb/s BSSID:00:05:5d:da:ac:a8 DA:00:30:65:15:46:38 SA:00:05:5d:da:ac:a8 Authentication (Open System)-2: 
01:17:58.505034 2.0 Mb/s -64dB signal -73dB noise 2876613213us mactime BSSID:00:05:5d:da:ac:a8 DA:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 Assoc Request (ojc) [1.0 2.0 5.5 11.0 Mbit]
01:17:58.505051 2.0 Mb/s BSSID:00:05:5d:da:ac:a8 DA:00:30:65:15:46:38 SA:00:05:5d:da:ac:a8 Assoc Response AID(1) :: Succesful
01:17:59.033918 2.0 Mb/s -64dB signal -73dB noise 3153437285us mactime BSSID:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 DA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.109 > 192.168.1.1: icmp 64: echo request seq 2660
01:17:59.034024 2.0 Mb/s DA:00:30:65:15:46:38 BSSID:00:05:5d:da:ac:a8 SA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.1 > 192.168.1.109: icmp 64: echo reply seq 2660
01:17:59.627226 2.0 Mb/s -64dB signal -73dB noise 3309281902us mactime BSSID:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:65:15:46:38, length: 303
01:17:59.630303 2.0 Mb/s DA:00:30:65:15:46:38 BSSID:00:05:5d:da:ac:a8 SA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.1.67 > 192.168.1.109.68: BOOTP/DHCP, Reply, length: 300
01:18:00.034279 2.0 Mb/s -64dB signal -73dB noise 4287079028us mactime BSSID:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 DA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.109 > 192.168.1.1: icmp 64: echo request seq 2661
01:18:00.034373 2.0 Mb/s DA:00:30:65:15:46:38 BSSID:00:05:5d:da:ac:a8 SA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.1 > 192.168.1.109: icmp 64: echo reply seq 2661

Dave

-- 
David Young             OJC Technologies
dyoung () ojctech com      Urbana, IL * (217) 278-3933

Attachment: tcpdump-radio-diffs
Description:

Attachment: ieee802_11_radio.h
Description:
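
Added example, not part of the original message and not code from the attached header or patches: a bounds-checked reader for a variable-length, bitmap-described capture header of the kind the message proposes, showing how absent fields and unknown future fields are handled. The attachment is not shown on this page, so the layout here is an assumption taken from radiotap as later standardized (8-byte little-endian header of version, pad, length and presence bitmap, with the alignments and sizes in the table); all names are hypothetical and the sample bytes are constructed to match the first two lines of the capture above.

```c
#include <stddef.h>
#include <stdint.h>

/* {alignment, size} in bytes for presence bits 0-6 (assumed radiotap layout). */
static const struct { uint8_t align, size; } FIELD[] = {
    {8, 8}, /* 0: TSFT, MAC time in microseconds */
    {1, 1}, /* 1: flags */
    {1, 1}, /* 2: rate, units of 500 kb/s */
    {2, 4}, /* 3: channel frequency + flags */
    {2, 2}, /* 4: FHSS */
    {1, 1}, /* 5: antenna signal, dBm, signed */
    {1, 1}, /* 6: antenna noise, dBm, signed */
};
struct radio { uint32_t seen; uint64_t tsft; uint8_t rate; int8_t signal, noise; };

/* Constructed samples: received frame (all four fields), transmitted (rate only). */
static const uint8_t RX_SAMPLE[] = { 0, 0, 19, 0, 0x65, 0, 0, 0,
    0x5d, 0xa2, 0xaa, 0xa4, 0, 0, 0, 0, 0x04, 0xc0, 0xb7, 0xb0, 0x00 };
static const uint8_t TX_SAMPLE[] = { 0, 0, 9, 0, 0x04, 0, 0, 0, 0x04, 0xb0, 0x00 };

static uint32_t le32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the offset of the 802.11 frame, or -1 if the header is malformed. */
int radio_parse(const uint8_t *b, size_t caplen, struct radio *r) {
    *r = (struct radio){0};
    if (caplen < 8 || b[0] != 0) return -1;          /* fixed part, version 0 */
    size_t len = b[2] | (size_t)b[3] << 8, off = 4;
    if (len < 8 || len > caplen) return -1;          /* length field is untrusted */
    uint32_t present = le32(b + 4);
    for (uint32_t w = present; ; w = le32(b + off)) { /* skip chained bitmaps */
        off += 4;
        if (!(w & 0x80000000u)) break;
        if (off + 4 > len) return -1;
    }
    for (unsigned bit = 0; bit < 31 && (present >> bit); bit++) {
        if (!((present >> bit) & 1)) continue;       /* field left out by driver */
        if (bit >= sizeof FIELD / sizeof FIELD[0]) break; /* unknown size: stop */
        size_t a = FIELD[bit].align;
        off = (off + a - 1) & ~(a - 1);              /* align from header start */
        if (off + FIELD[bit].size > len) return -1;  /* field overruns header */
        if (bit == 0) for (int i = 7; i >= 0; i--) r->tsft = r->tsft << 8 | b[off + i];
        if (bit == 2) r->rate = b[off];
        if (bit == 5) r->signal = (int8_t)b[off];
        if (bit == 6) r->noise = (int8_t)b[off];
        off += FIELD[bit].size;
        r->seen |= 1u << bit;
    }
    return (int)len;                                 /* frame starts here */
}
```

The return value, not the end of the last decoded field, locates the 802.11 frame, which is what lets an older reader step over fields it does not recognize.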

