Wireshark-dev: Re: [Wireshark-dev] Patch to add read support for Shomiti wireless captures

From: "Clay Jones" <clay.jones@xxxxxxxxx>
Date: Fri, 2 Feb 2007 09:02:28 -0700
Here is a capture in the wireless Shomiti format. This capture is of an association between a Linksys 802.11n client and AP. I am working on some decodes for 802.11n that I will try to send in shortly.

In another email you asked what the meaning of the various header fields were.

pad[4] contains 3 bytes of FF followed by the length of the remaining header (8)
undecrypt[2] contains a bitmask (big endian)
 Bits 0 to 2 is the mac port the packet was received on
 Bit 3 unused
 Bit 4 PCF Flag (Packet received outside of contention)
Bits 5 to 7 is the message type (I think it's always 0 for a normal packet)



From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 18 Jan 2007 12:53:04 -0800

On Jan 17, 2007, at 8:37 AM, Clay Jones wrote:
This patch adds support for the Shomiti wireless packet format. This is the
format used by the Fluke Networks WNA (Wireless Network Analyzer).

What are the fields that aren't mapped to 802.11 pseudo-header fields, namely
"preamble", "code", and "qual"? (Presumably "channel" is a channel number,
"rate" is the data rate in 500Kb/s units, and "signal" is signal strength as
a percentage.
Do you have any captures we can use for testing?

Attachment: linksys_n_assoc_40mhz.cap
Description: Binary data