Wireshark-users: Re: [Wireshark-users] how to capture GPS

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 16 May 2009 10:28:45 -0700

On May 15, 2009, at 3:27 PM, iodavide@xxxxxxxxx wrote:

I'm preparing a testbed to analyze wireless AdHoc traffic between two
vehicles.
I choose Wireshark to capture and analyze packets using the Radiotap header
in order to collect received signal strength.
I bought two Garmin GPS 60 and I would like to capture real-time GPS
data (position, clock, velocity, relative distance between
vehicles...) using gpsd, and I would like to synchronize the laptops' clocks
to the GPS clock.
This is the reason I need to capture GPS data in Wireshark.

Can you suggest a solution?

Synchronizing the laptop's clock to the GPS clock is outside the purview of Wireshark, so it can't help there.

Wireshark doesn't have any code to get GPS data from gpsd or any other GPS source, and its native capture file format doesn't have any provision for storing GPS data in it.

I infer from the front page of

	http://gpsd.berlios.de/

that you might send, over TCP, a query to gpsd and get back a reply with GPS data. Wireshark could presumably capture that traffic, if it goes over a network device on which you can capture, and, as all the OSes they list on that page support capturing on the loopback device, it would probably be possible to capture that traffic even if gpsd is running on the same machine as Wireshark.

*However*, one instance of Wireshark can capture on only one device at a time, except on Linux where it can capture on the "any" device - but the "any" device won't supply radiotap headers, so that won't help.

So what you'd have to do would, I think, be:

1) capture the wireless traffic on the 802.11 adapter with one instance of tcpdump/dumpcap/TShark/Wireshark/etc.;

2) have a program that reads the real-time GPS data from gpsd, and capture the traffic between that program and gpsd on the loopback adapter with a separate instance of tcpdump/dumpcap/TShark/Wireshark/etc.;

and merge those two traces.

Wireshark probably doesn't "understand" the gpsd traffic, however, so Wireshark probably won't be able to do all the analysis you'll presumably want to do. Given that, another alternative might be to have the program that talks to gpsd write the data out to a file in its own format, with time stamps, and have some separate program read the Wireshark capture and the gpsd data and analyze them.
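The following is an added example of that last alternative, not part of the original message and not Wireshark or gpsd code: a separate program that reads a time-stamped GPS log and per-packet signal strengths exported from the 802.11 capture, then interpolates a position for each packet. Both file formats, the sample values, and the names `position_at`, `correlate` and `MAX_GAP` are assumptions made for illustration, and both timestamp columns are assumed to come from the same laptop clock.

```python
import bisect
import csv
import io

# Constructed sample data (not from the original post).
# GPS log written by the hypothetical gpsd client: epoch_seconds,lat,lon
GPS_LOG = """\
1242494925.0,45.0700,7.6800
1242494926.0,45.0701,7.6802
1242494927.0,45.0702,7.6804
1242494940.0,45.0715,7.6830
"""
# Per-packet export from the 802.11 capture: epoch_seconds,signal_dbm
# (one possible source: tshark -r capture.pcap -T fields -E separator=,
#  -e frame.time_epoch -e radiotap.dbm_antsignal; capture.pcap is a placeholder)
PACKETS = """\
1242494925.5,-61
1242494926.25,-64
1242494933.0,-70
1242494950.0,-72
"""

MAX_GAP = 2.0  # seconds; refuse to interpolate across longer GPS outages


def load(text, ncols):
    """Parse CSV rows into float tuples, sorted by timestamp (first column)."""
    rows = csv.reader(io.StringIO(text))
    return sorted(tuple(float(v) for v in r[:ncols]) for r in rows if r)


def position_at(fixes, t, max_gap=MAX_GAP):
    """Linearly interpolate (lat, lon) at time t; None if no usable fixes."""
    times = [f[0] for f in fixes]
    i = bisect.bisect_right(times, t)
    if i == 0 or i == len(fixes):
        return None  # packet lies outside the GPS log's time range
    (t0, lat0, lon0), (t1, lat1, lon1) = fixes[i - 1], fixes[i]
    if t1 - t0 > max_gap:
        return None  # bracketing fixes too far apart to trust
    w = (t - t0) / (t1 - t0)
    return (lat0 + w * (lat1 - lat0), lon0 + w * (lon1 - lon0))


def correlate(gps_text=GPS_LOG, pkt_text=PACKETS):
    """Return (timestamp, signal_dbm, position-or-None) for every packet."""
    fixes = load(gps_text, 3)
    return [(t, dbm, position_at(fixes, t)) for t, dbm in load(pkt_text, 2)]


if __name__ == "__main__":
    for t, dbm, pos in correlate():
        print(t, dbm, pos)
```

Packets that fall in a GPS outage or outside the log get `None` rather than a guessed position, so gaps in the GPS data stay visible in the analysis.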