tcpdump mailing list archives
RFC: 802.11 radio capture header
From: David Young <dyoung () pobox com>
Date: Sat, 2 Aug 2003 17:11:49 -0500
I have attached the header file (ieee802_11_radio.h) defining an improved (IMHO) generic 802.11 radio capture format. I have also attached patches containing my implementation for tcpdump. Please consider this format for adoption by tcpdump. The idea behind this capture format is that * it is generic: it suits radios parts by Cisco/Aironet, ADMtek, AMD 79c930, Prism 2.x, TI, Atheros, Atmel, and Realtek. * it is extensible: if new hardware provides useful new radio information, you can add them to this capture format without breaking existing parsers for the capture format. * it conserves bandwidth: the capture header length can vary with the content of the header; drivers can take advantage when libpcap finally groks variable-length headers. * it is more informative than previous radio headers: the units and meaning for each field are rigidly specified; fields can be left out which are meaningless in context (e.g., Rx signal strength can be left out of transmitted frames) * it supports advanced wireless applications: existing sniffer apps (dsniffer, kismet) can be adapted to use this format, for universal radio support; wireless routers algorithms can monitor a link and assign costs based on S/N ratio or on peers' data rate; stations can share S/N information with each other to support improved rate adaptation; and so on. Here is an example capture:
sudo ./tcpdump -ne -y ieee802_11_radio -s 256 -i wi0
Password: tcpdump: data link type ieee802_11_radio tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wi0, link-type 127, capture size 256 bytes 01:17:58.503262 2.0 Mb/s -64dB signal -73dB noise 2762646109us mactime BSSID:00:05:5d:da:ac:a8 DA:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 Authentication (Open System)-1: Succesful 01:17:58.503292 2.0 Mb/s BSSID:00:05:5d:da:ac:a8 DA:00:30:65:15:46:38 SA:00:05:5d:da:ac:a8 Authentication (Open System)-2: 01:17:58.505034 2.0 Mb/s -64dB signal -73dB noise 2876613213us mactime BSSID:00:05:5d:da:ac:a8 DA:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 Assoc Request (ojc) [1.0 2.0 5.5 11.0 Mbit] 01:17:58.505051 2.0 Mb/s BSSID:00:05:5d:da:ac:a8 DA:00:30:65:15:46:38 SA:00:05:5d:da:ac:a8 Assoc Response AID(1) :: Succesful 01:17:59.033918 2.0 Mb/s -64dB signal -73dB noise 3153437285us mactime BSSID:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 DA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.109 > 192.168.1.1: icmp 64: echo request seq 2660 01:17:59.034024 2.0 Mb/s DA:00:30:65:15:46:38 BSSID:00:05:5d:da:ac:a8 SA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.1 > 192.168.1.109: icmp 64: echo reply seq 2660 01:17:59.627226 2.0 Mb/s -64dB signal -73dB noise 3309281902us mactime BSSID:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 DA:ff:ff:ff:ff:ff:ff LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:30:65:15:46:38, length: 303 01:17:59.630303 2.0 Mb/s DA:00:30:65:15:46:38 BSSID:00:05:5d:da:ac:a8 SA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.1.67 > 192.168.1.109.68: BOOTP/DHCP, Reply, length: 300 01:18:00.034279 2.0 Mb/s -64dB signal -73dB noise 4287079028us mactime BSSID:00:05:5d:da:ac:a8 SA:00:30:65:15:46:38 DA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.109 > 192.168.1.1: icmp 64: echo request seq 2661 01:18:00.034373 2.0 Mb/s DA:00:30:65:15:46:38 BSSID:00:05:5d:da:ac:a8 SA:00:05:5d:da:ac:a8 LLC, dsap 0xaa, ssap 0xaa, cmd 0x03, IP 192.168.1.1 > 192.168.1.109: icmp 64: echo reply seq 2661 Dave -- David Young OJC Technologies dyoung () ojctech com Urbana, IL * (217) 278-3933
Attachment:
tcpdump-radio-diffs
Description:
Attachment:
ieee802_11_radio.h
Description:
Current thread:
- RFC: 802.11 radio capture header David Young (Aug 15)
- Re: RFC: 802.11 radio capture header Guy Harris (Aug 15)
- Re: RFC: 802.11 radio capture header David Young (Aug 18)
- Re: RFC: 802.11 radio capture header Guy Harris (Aug 18)
- Re: RFC: 802.11 radio capture header Guy Harris (Aug 15)