802.11 timeline view and aggregation

[Simon Barber <simon.barber () meraki net>]

A few years ago I wrote an extension for Wireshark that allows 802.11
frames to be viewed on a zoomable, scrollable timeline in a third pane
added to the main display.

https://github.com/parc-wifi/wireshark

I'm now working on updating and revamping that code to support 802.11n and
802.11ac, and porting it to the new QT UI.

802.11n added aggregation as a new feature. Most wireless cards do the
de-aggregation in the hardware, and deliver the individual MPDU frames to
the driver. As a result all the radiotap captures I have seen have multiple
frames in the capture where on the air there was only a single physical
layer aggregate frame (A-MPDU). Since this extension to wireshark is
calculating and exposing physical layer properties (inter frame spaces and
timings) it needs to work with physical layer frames. I have a design
question. Should I

1. pre-process the capture files to re-aggregate the MPDUs into single
A-MPDU frames (a single A-MPDU shows up in wireshark as a single packet,
containing multiple 802.11 MPDUs)
or
2. somehow track the A-MPDUs within wireshark, perhaps using the
'conversation' feature. (frames show up in the packet list as they do now -
each MPDU is a separate packet in wireshark, and the timeline view needs to
be smart as to how it displays them).

Simon

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe