Wireshark-users: Re: [Wireshark-users] wireless capture with PPI headers in linux

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 11 Dec 2011 18:15:38 -0800
On Dec 11, 2011, at 5:12 PM, Hector Akamine wrote:

> Is it possible to capture wireless packets with PPI headers in linux wireshark?

No.  That would require that Linux wireless drivers generate PPI headers; I don't know of any that do.

> So far, I have been able to get radiotap headers only.

That's all that the Linux drivers support.

> Using kismet on linux, it is possible to capture packets with PPI headers.

Kismet on Linux will *generate* PPI headers *itself* based on whatever radio information is supplied while capturing, such as the radiotap header, and on GPS data it gets.  It is not receiving PPI headers from libpcap.

Wireshark doesn't have a GPS interface, so any data it put into a synthesized PPI header would be data from a radiotap or Prism or AVS header; there's no point in synthesizing a PPI header for that - it just puts out the radio header that already exists.