Wireshark-dev: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wiresh

From: Richard Kinder <rkinder@xxxxxxxxxxxxx>
Date: Thu, 3 Dec 2015 23:07:24 +0000
I've yet to ... finish that sentence:

I've yet to look more closely at the peektagged format and whether there are any unparsed tags which may contain the TSF. I'll have a look at the trace through hexdump to see if there are any other TSF like counters incrementing appropriately.

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Richard Kinder
Sent: Friday, 4 December 2015 9:54 AM
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?

Sure, I appreciate this. Done for practical reasons, not as a final solution.

From what I can see, peektagged has no TSF timestamp (I've yet to . My understanding is airopeek etc. will use hardware timestamps when available, which have much better resolution and accuracy than the TSF.

I'll be looking into peektagged in a bit more detail, but for now what I have is good enough for a POC.

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Friday, 4 December 2015 9:28 AM
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] wiretap - using as a library rather than coupled with Wireshark?


On Dec 3, 2015, at 2:02 PM, Richard Kinder <rkinder@xxxxxxxxxxxxx> wrote:

> and I get something which is pcap + RT. I’m pushing the packet timestamp from the airopeek capture into the tsfts RT field,

"RT" as in "radiotap"?

If so, the packet timestamp should not be used as the TSF timestamp value; instead, if the PHDR_802_11_HAS_TSF_TIMESTAMP bit is set in the presence_flags field of the "struct ieee_802_11_phdr" pseudo-header, use the tsf_timestamp field of that structure as the TSFT field in the radiotap header, otherwise don't put a TSFT field into the radiotap header.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


This email, including its contents and any attachment(s), may contain confidential information of Quantenna Communications, Inc. and is solely for the intended recipient(s). If you may have received this in error, please contact the sender and permanently delete this email, its contents and any attachment(s).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


This email, including its contents and any attachment(s), may contain confidential information of Quantenna Communications, Inc. and is solely for the intended recipient(s). If you may have received this in error, please contact the sender and permanently delete this email, its contents and any attachment(s).