Wireshark mailing list archives

Re: Got "Radiotap data goes past the end of the radiotap header" for Npcap's radiotap header.


From: Yang Luo <hsluoyb () gmail com>
Date: Sat, 9 Apr 2016 16:09:24 +0800

Hi Guy, Thanks!

This time it goes right!

However, most of the information in the radiotap header is zero, as shown
below. The most commonly seen TSFT field (I thought) is not there. Although
I didn't implement some fields like "Rate" yet, I still feel it's too blank?
Maybe this is because the underlying network card driver doesn't implement
so much 802.11 OOB data, or is it Npcap's issue?

The radiotap header of one of my 802.11 packets looks like this:

--------------------------------------------------------
Radiotap Header v0, Length 15
  Header revision: 0
  Header pad: 0
  Header length: 15
  Present flags
  Flags: 0x00
  Channel frequency: 0
  Channel flags: 0x0000
  SSI Signal: -47 dBm
--------------------------------------------------------


The only field with non-zero values is SSI Signal.
Sometimes it is -46 dBm, sometimes -47 dBm, and most times it is also 0 dBm.


Cheers,
Yang



On Sat, Apr 9, 2016 at 3:39 PM, Guy Harris <guy () alum mit edu> wrote:

On Apr 9, 2016, at 12:24 AM, Yang Luo <hsluoyb () gmail com> wrote:

I have added Radiotap header to Windows. Currently only Flags, Channel
and Antenna Signal are supported.

The whole header with Radiotap data is 14 bytes:
8 bytes header + 1 byte Flags + 4 bytes Channel + 1 byte Antenna Signal.

It should be

        8 bytes header

        1 byte Flags

        1 byte padding, to put the Channel field on a 2-byte boundary

        4 bytes Channel

        1 byte Antenna signal

for a total of 15 bytes.  See the "Alignment in Radiotap" section of

        http://www.radiotap.org

If you add a Rate field after Flags, however, you *wouldn't* put the
padding field there, as the Rate field is also 1 byte long, and there's no
need for padding after a 1-byte Flags field and a 1-byte Rate field if a
Channel field follows the Rate field.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

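
The alignment rule from Guy's reply, worked through as an added example (not code from the thread, Npcap or Wireshark): each field is padded to its natural alignment measured from the start of the radiotap header, and a parser should refuse a header whose it_len is too small for the fields its present bitmask announces. The field table is a subset taken from radiotap.org; the names layout and parse and the sample bytes are constructed for illustration.

```python
import struct

# Subset of radiotap fields: present bit -> (name, size, alignment).
FIELDS = {
    0: ("TSFT", 8, 8),
    1: ("Flags", 1, 1),
    2: ("Rate", 1, 1),
    3: ("Channel", 4, 2),
    5: ("Antenna signal", 1, 1),
}
HDR = struct.Struct("<BBHI")  # it_version, it_pad, it_len, it_present (little-endian)


def layout(present):
    """Return ([(name, offset, size)], total_length) for a present bitmask."""
    offset, out = HDR.size, []
    for bit in range(32):
        if not present & (1 << bit):
            continue
        if bit not in FIELDS:
            # Size unknown, so later fields cannot be located safely.
            raise ValueError(f"present bit {bit} not handled in this sketch")
        name, size, align = FIELDS[bit]
        offset = (offset + align - 1) & ~(align - 1)  # pad up to the alignment
        out.append((name, offset, size))
        offset += size
    return out, offset


def parse(buf):
    """Slice out each field, never reading past it_len or the captured bytes."""
    if len(buf) < HDR.size:
        raise ValueError("truncated radiotap header")
    version, _pad, it_len, present = HDR.unpack_from(buf)
    if version != 0:
        raise ValueError("unsupported radiotap version")
    fields, needed = layout(present)
    if needed > it_len or it_len > len(buf):
        raise ValueError("radiotap data goes past the end of the radiotap header")
    return {name: bytes(buf[off:off + size]) for name, off, size in fields}


# Constructed samples: present = Flags | Channel | Antenna signal (0x2A), -47 dBm.
BODY = struct.pack("<HH", 0, 0) + struct.pack("<b", -47)   # Channel, then signal
GOOD = HDR.pack(0, 0, 15, 0x2A) + b"\x00\x00" + BODY       # Flags + 1 pad byte
BAD = HDR.pack(0, 0, 14, 0x2A) + b"\x00" + BODY            # 14 bytes, no padding
```

layout(0x2A) places Channel at offset 10 for a total of 15 bytes, layout(0x2E) (with Rate added) also totals 15 with no padding, and parse(BAD) raises the error from the subject line.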
