Re: What's the difference between NdisMediumBare80211 (DLT_IEEE802_11) and NdisMediumRadio80211 (DLT_IEEE802_11_RADIO)

[Guy Harris <guy () alum mit edu>]

On Apr 3, 2016, at 11:47 PM, Yang Luo <hsluoyb () gmail com> wrote:

> I'm adding Native 802.11 capture support to Npcap and demonstrate it on
> Wireshark. (See:
> https://github.com/nmap/npcap/releases/download/v0.06-r13/npcap-nmap-0.06-r13-wifi.exe).
> I found that the there are two 802.11 related values to show the adapter
> type: NdisMediumBare80211 and NdisMediumRadio80211
>
> I don't know their differences. And All I can googled out is a post on this
> list 10 years before: http://seclists.org/tcpdump/2006/q3/32. So I sent my
> query here:)
>
>
> Packet.dll translates them based on the following code:
>
> case NdisMediumBare80211:
> p->linktype = DLT_IEEE802_11;
> break;
>
> case NdisMediumRadio80211:
> p->linktype = DLT_IEEE802_11_RADIO;
> break;
>
> So I want to know which value should I use for native 802.11 capturing?

If you're supplying a radiotap header, so that the packet data begins with a radiotap header, use NdisMediumRadio80211.

If you're not supplying any radio metadata, so that the packet data begins with an 802.11 header, use 
NdisMediumBare80211.

If you're doing anything else, do one of the two things above instead.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers