Wireshark mailing list archives

Re: What's the difference between NdisMediumBare80211 (DLT_IEEE802_11) and NdisMediumRadio80211 (DLT_IEEE802_11_RADIO)

From: Yang Luo <hsluoyb () gmail com>
Date: Thu, 7 Apr 2016 08:40:42 +0800

Hi Guy,

I wonder why this mail went to my spam.. I don't know anything about radiotap
header so I'm afraid i'm not supplying it. And I have confirmed that my
captured packets are parsed well using NdisMediumBare80211. In Wireshark it
shows "IEEE 802.11 Data". So I think I will just use this value. Thanks!


Cheers,
Yang

On Thu, Mar 31, 2016 at 10:59 AM, Guy Harris <guy () alum mit edu> wrote:

On Mar 30, 2016, at 5:09 PM, Yang Luo <hsluoyb () gmail com> wrote:

I'm adding Native 802.11 capture support to Npcap and demonstrate it on

Wireshark. (See:
https://github.com/nmap/npcap/releases/download/v0.06-r13/npcap-nmap-0.06-r13-wifi.exe).
I found that the there are two 802.11 related values to show the adapter
type: NdisMediumBare80211 and NdisMediumRadio80211



And Packet.dll translates them based on the following code:

      case NdisMediumBare80211:
              p->linktype = DLT_IEEE802_11;
              break;

      case NdisMediumRadio80211:
              p->linktype = DLT_IEEE802_11_RADIO;
              break;

So I want to know which value should I use for native 802.11 capturing?


If you're supplying a radiotap header, so that the packet data begins with
a radiotap header, use NdisMediumRadio80211.

If you're not supplying any radio metadata, so that the packet data begins
with an 802.11 header, use NdisMediumBare80211.

If you're doing anything else, do one of the two things above instead.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: What's the difference between NdisMediumBare80211 (DLT_IEEE802_11) and NdisMediumRadio80211 (DLT_IEEE802_11_RADIO) Yang Luo (Apr 06)