Re: RadioTap Parsing as seperate library

[Guy Harris <gharris () sonic net>]

On Apr 15, 2024, at 3:47 PM, Ravi chandra <particlereddy () gmail com> wrote:

> I am planning to create an ieee 802.11 packet RadioTap parsing
> code/library [offlines processing of pcap-ng files. Decoding each and
> every field and write it to a .csv file].

If that's all you're doing, is there some reason why you don't just use TShark and do

        tshark -T fields -E separator=, -E quote=d -e {radiotap field} -e {another radiotap field} ...

> Meanwhile, before asking [did my homework] of going through source
> code and found the following.
>
> [1] Compared to the Wireshark library, RadioTap library files

By "Radiotap library files" do you mean this library:

        https://github.com/radiotap/radiotap-library

> are NOT updated in the radiotap-library.

What do you mean by "NOT updated"?  Do you mean that the recent commits haven't significantly changed the library?  If 
so, maybe there's not much that needs changing.

> [2] I see RadioTap headers/files/parsing functions have additional
> arguments [which are specific to wireshark]. In other words, there is
> NO direct way to call RadioTap headers easily to integrate with
> libpcap_open_offline and pcap_next.

Note that tcpdump has its own code to parse radiotap headers, and that code doesn't use the Radiotap library.
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s