Hi Guy, I wonder why this mail went to my spam.. I don't know anything about radiotap header so I'm afraid i'm not supplying it. And I have confirmed that my captured packets are parsed well using NdisMediumBare80211. In Wireshark it shows "IEEE 802.11 Data". So I think I will just use this value. Thanks!
Cheers, Yang On Mon, Apr 4, 2016 at 3:24 PM, Guy Harris <g...@alum.mit.edu> wrote: > On Apr 3, 2016, at 11:47 PM, Yang Luo <hslu...@gmail.com> wrote: > > > I'm adding Native 802.11 capture support to Npcap and demonstrate it on > > Wireshark. (See: > > > https://github.com/nmap/npcap/releases/download/v0.06-r13/npcap-nmap-0.06-r13-wifi.exe > ). > > I found that the there are two 802.11 related values to show the adapter > > type: NdisMediumBare80211 and NdisMediumRadio80211 > > > > I don't know their differences. And All I can googled out is a post on > this > > list 10 years before: http://seclists.org/tcpdump/2006/q3/32. So I sent > my > > query here:) > > > > > > Packet.dll translates them based on the following code: > > > > case NdisMediumBare80211: > > p->linktype = DLT_IEEE802_11; > > break; > > > > case NdisMediumRadio80211: > > p->linktype = DLT_IEEE802_11_RADIO; > > break; > > > > So I want to know which value should I use for native 802.11 capturing? > > If you're supplying a radiotap header, so that the packet data begins with > a radiotap header, use NdisMediumRadio80211. > > If you're not supplying any radio metadata, so that the packet data begins > with an 802.11 header, use NdisMediumBare80211. > > If you're doing anything else, do one of the two things above instead. > _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
