Hi Guy, Thanks! This time it goes right!
However, most information of the radiotap header is zero like below. The most commonly seen TSFT field (I thought) is not there. Although I didn't implement some fields like "Rate" yet, but I still feel it's too blank? Maybe this is because the underlying network card driver doesn't implement so many 802.11 OOB data, or Npcap's issue? One of my 802.11 packet's radiotap header is like this: -------------------------------------------------------- Radiotap Header v0, Length 15 Header revision: 0 Header pad: 0 Header length: 15 Present flags Flags: 0x00 Channel frequency: 0 Channel flags: 0x0000 SSI Signal: -47 dBm -------------------------------------------------------- The only field with non-zero values is SSI Signal. sometimes -46 dBm, sometimes -47 dBm, most times is also 0 dBm. Cheers, Yang On Sat, Apr 9, 2016 at 3:39 PM, Guy Harris <[email protected]> wrote: > On Apr 9, 2016, at 12:24 AM, Yang Luo <[email protected]> wrote: > > > I have added Radiotap header to Windows. Currently only Flags, Channel > and Antenna Signal are supported. > > > > The whole header with Radiotap data is 14 bytes: > > 8 bytes header + 1 byte Flags + 4 bytes Channel + 1 byte Antenna Signal. > > It should be > > 8 bytes header > > 1 byte Flags > > 1 byte padding, to put the Channel field on a 2-byte boundary > > 4 bytes Channel > > 1 byte Antenna signal > > for a total of 15 bytes. See the "Alignment in Radiotap" section of > > http://www.radiotap.org > > If you add a Rate field after Flags, however, you *wouldn't* put the > padding field there, as the Rate field is also 1 byte long, and there's no > need for padding after a 1-byte Flags field and a 1-byte Rate field if a > Channel field follows the Rate field. > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
