Re: output query

[Guy Harris <guy () alum mit edu>]

On Feb 5, 2010, at 6:41 PM, Liu Feng wrote:
 
> when I use tcpdump to capture wifi signals, this is the result I get:
>  
> 15:47:31.547609 285163963350us tsft 1.0 Mb/s 2437 MHz (0x00a0) -98dB signal -102dB noise antenna 1 [0x0000000e] 
> BSSID:00:23:69:29:10:5b DA:ff:ff:ff:ff:ff:ff SA:00:23:69:29:10:5b Beacon (EKAHAU) ESS, PRIVACY
>
> can you tell me the meanings of the highlighted information?

Highlighted?  Nothing highlighted above. :-)

(Yeah, some of us send plain-text mail by default.)

In any case:

285163963350us tsft:

        the Time Synchronization Function Timer value for the frame:

                http://www.radiotap.org/defined-fields/TSFT

1.0 Mb/s:

        the data rate at which the frame was received:

                http://www.radiotap.org/defined-fields/Rate

(0x00a0):

        I'm not sure - I don't see anything in top-of-tree tcpdump that would print that in a radiotap header; what 
version of tcpdump are you using?  (What does "tcpdump -h" print, and what version of what OS is this on?  If it's a 
Linux distribution, give the name of the distribution, and the release of the distribution, rather than the version of 
the kernel.)

[0x0000000e]:

        In theory, that would be an indication that there's a radiotap "presence bit" that tcpdump doesn't know about, 
except that 0x0000000e has 3 bits set.

DA:ff:ff:ff:ff:ff:ff:

        that's the Destination Address of the frame; see IEEE 802.11-2007 - IEEE 802.11 has more MAC addresses than 
does, for example, Ethernet

SA:00:23:69:29:10:5b

        that's the Source Address of the frame; see IEEE 802.11-2007-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.