tcpdump mailing list archives
Re: Missing packet fields in big endian with ath9k
From: Guy Harris <guy () alum mit edu>
Date: Sat, 27 Apr 2013 15:59:16 -0700
On Apr 27, 2013, at 3:26 PM, Luis Correia <lfpcorreia () gmail com> wrote:
Im getting DLT_IEEE802_11_RADIO. Is this ok?
Yes. That means you have a Radiotap header.
About the rssi values I managed to get them by teaching myself little endian vs big endian and redefining my struct's fields. I'm now getting correct rssi values almost every time. (Negative, distance coherent..)
Note that, as I said, unless you're running on OpenBSD, what you're getting is either "RF signal power at the antenna"
as "a single signed 8-bit value, which indicates the RF signal power at the antenna, in decibels difference from 1mW":
http://www.radiotap.org/defined-fields/Antenna%20signal
or "RF signal power at the antenna, decibel difference from an arbitrary, fixed reference" as "a single unsigned 8-bit
value":
http://www.radiotap.org/defined-fields/dB%20antenna%20signal
Note also that parsing radiotap headers should not be done by assuming the radiotap header is a fixed-format structure;
all values in a radiotap header are optional, so you should scan through the "presence bits" looking for one of the two
"antenna signal" values and, *depending on which one you find*, treating it as "signed dB from 1mW" or "unsigned dB
from some unspecified reference point".
However sometimes I see packets with positive values!!
If it's dBm (decibels from 1 mW) the value is signed, which could be positive (meaning "stronger than 1mW"). If it's dB from an arbitrary fixed reference point, the value is unsigned, which is *always* positive.
PS: If I'm not mistaken aren't you the guy that wrote libpcap?!
You're mistaken. It was written by Steve McCanne and Van Jacobson:
http://sharkfest.wireshark.org/sharkfest.11/presentations/McCanne-Sharkfest'11_Keynote_Address.pdf
I've been a significant contributor, but that's just building upon a strong base they created.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (Apr 26)
- Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 26)
- Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 27)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 27)
- Re: Missing packet fields in big endian with ath9k Luís Correia (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Mike Kershaw / Dragorn (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (May 01)
- Re: Missing packet fields in big endian with ath9k Denis Ovsienko (Apr 27)
- Re: Missing packet fields in big endian with ath9k Luís Correia (Apr 28)
- Re: Missing packet fields in big endian with ath9k Denis Ovsienko (Apr 28)