Wireshark-dev: Re: [Wireshark-dev] Got "Radiotap data goes past the end of the radiotap header"

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Sat, 9 Apr 2016 16:09:24 +0800
Hi Guy, Thanks!

This time it goes right!

However, most information of the radiotap header is zero like below. The most commonly seen TSFT field (I thought) is not there. Although I didn't implement some fields like "Rate" yet, but I still feel it's too blank?
Maybe this is because the underlying network card driver doesn't implement so many 802.11 OOB data, or Npcap's issue?

One of my 802.11 packet's radiotap header is like this:

--------------------------------------------------------
Radiotap Header v0, Length 15
  Header revision: 0
  Header pad: 0
  Header length: 15
  Present flags
  Flags: 0x00
  Channel frequency: 0
  Channel flags: 0x0000
  SSI Signal: -47 dBm
--------------------------------------------------------


The only field with non-zero values is SSI Signal.
sometimes -46 dBm, sometimes -47 dBm, most times is also 0 dBm.


Cheers,
Yang



On Sat, Apr 9, 2016 at 3:39 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Apr 9, 2016, at 12:24 AM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:

> I have added Radiotap header to Windows. Currently only Flags, Channel and Antenna Signal are supported.
>
> The whole header with Radiotap data is 14 bytes:
> 8 bytes header + 1 byte Flags + 4 bytes Channel + 1 byte Antenna Signal.

It should be

        8 bytes header

        1 byte Flags

        1 byte padding, to put the Channel field on a 2-byte boundary

        4 bytes Channel

        1 byte Antenna signal

for a total of 15 bytes.  See the "Alignment in Radiotap" section of

        http://www.radiotap.org

If you add a Rate field after Flags, however, you *wouldn't* put the padding field there, as the Rate field is also 1 byte long, and there's no need for padding after a 1-byte Flags field and a 1-byte Rate field if a Channel field follows the Rate field.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe