
Ethereal-users: RE: [Ethereal-users] ethereal saving as dat file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ankur Aggarwal" <ankur@xxxxxxxxxxxxxxxxx>
Date: Fri, 15 Apr 2005 14:52:10 +0530
Harris
Those reserved fields are reserved for the noise (padding of 08,00 and
09,00) in percentage as well as in dBm values.

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, April 14, 2005 11:57 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] ethereal saving as dat file

Ankur Aggarwal wrote:

> 1) I already have a (.bat) script which can enable me to change the
> radio mode from .11 a-> b-> g and set the channel number. How do I add
> an additional tab which will run it for me in the background instead of
> manually typing it?

You'd have to modify the code in the gtk directory to do that.

> 2) In one portion you talk about converting wireless packets to fake
> Ethernet packet

...which is what's done, on Windows, either by the adapter in the 
default mode the driver puts it into, or by the adapter's driver, as 
that's what Windows currently expects.  (Microsoft are apparently 
developing a "native 802.11" mode:

	http://www.microsoft.com/whdc/device/network/802x/Native80211.mspx

although I don't know that it'd support supplying packets with 802.11 
headers through NDIS.)

> and in the other you talk about the interpretation of
> rf-parameters like data rate, channel, signal level, etc.

I mentioned that in the context of reading Airopeek captures, not of 
capturing on Windows.

> (the unused byte actually is reserved for noise values)

"Reserved for noise values" meaning "currently used for noise values", 
or meaning "WildPackets have reserved it in case they supply noise 
values in the future"?

> The Ethernet packets do not
> have provision for these fields. How does one handle this information
> (assuming winPcap is modified to generate it)

If you can supply 802.11 headers with your driver, then the best way to 
handle the radio headers would be to supply the radio information in a 
"radiotap" header, followed by an 802.11 header and the 802.11 payload. 
  The radiotap header can be seen here:

	http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/net80211/ieee80211_radiotap.h?rev=1.10&content-type=text/x-cvsweb-markup

The radiotap header begins with the "struct ieee80211_radiotap_header" 
structure - all fields in it are little-endian - and is followed by the 
values of the fields supplied (the bitmap indicates which fields are 
supplied).

You would make WinPcap supply a DLT_ value of DLT_IEEE802_11_RADIO (127).

> 3) Is there any way to by-pass the winPcap and directly interface with
> ethereal?

Not on Windows.

Bypassing WinPcap would limit this to Ethereal; doing it in WinPcap 
means that other applications could use it as well.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
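
The radiotap layout described in the reply above (little-endian header, presence bitmap, then the supplied fields, then the 802.11 header), shown as a bounds-checked parser. This is an added example, not code from the thread, Ethereal or WinPcap. The field order, sizes and natural alignment for bits 0 to 6 and the bit-31 extension flag are assumptions drawn from the radiotap definition rather than from this thread; `parse_radiotap`, `FIELDS` and `SAMPLE` are hypothetical names and the sample bytes are constructed.

```python
import struct

DLT_IEEE802_11_RADIO = 127   # link-layer type named in the reply above
EXT_BIT = 1 << 31            # assumption: bit 31 means another bitmap word follows
# Assumed layout of the first seven radiotap fields:
# (bitmap bit, name, little-endian struct format, required alignment)
FIELDS = [
    (0, "tsft", "<Q", 8),
    (1, "flags", "<B", 1),
    (2, "rate_500kbps", "<B", 1),    # data rate in units of 500 kb/s
    (3, "channel", "<HH", 2),        # frequency in MHz, channel flags
    (4, "fhss", "<BB", 2),
    (5, "dbm_antsignal", "<b", 1),   # signal level in dBm
    (6, "dbm_antnoise", "<b", 1),    # noise level in dBm
]

# Constructed sample: 16-byte radiotap header, then 4 bytes standing in for 802.11.
SAMPLE = (struct.pack("<BBHI", 0, 0, 16, 0x6E)
          + struct.pack("<BBHHbb", 0x00, 0x6C, 2437, 0x00C0, -42, -95)
          + b"\x80\x00\x00\x00")

def parse_radiotap(buf):
    """Return (fields, offset of the 802.11 header); raise ValueError if malformed."""
    if len(buf) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, it_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unsupported radiotap version")
    if it_len < 8 or it_len > len(buf):
        raise ValueError("it_len outside captured data")
    off, word = 8, present
    while word & EXT_BIT:                 # skip extended bitmap words
        if off + 4 > it_len:
            raise ValueError("present bitmap overruns it_len")
        (word,) = struct.unpack_from("<I", buf, off)
        off += 4
    out = {}
    for bit, name, fmt, align in FIELDS:
        if not present & (1 << bit):
            continue
        off = (off + align - 1) & ~(align - 1)   # align from start of header
        size = struct.calcsize(fmt)
        if off + size > it_len:
            raise ValueError("field %s overruns it_len" % name)
        vals = struct.unpack_from(fmt, buf, off)
        out[name] = vals[0] if len(vals) == 1 else vals
        off += size
    return out, it_len
```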