Wireshark-dev: Re: [Wireshark-dev] Patch to add read support for Shomiti wireless captures

From: "Clay Jones" <clay.jones@xxxxxxxxx>
Date: Fri, 2 Feb 2007 09:17:14 -0700

Premature send on that last email.

Bit 8 is the error bit. If set the packet was received with some sort of error Bit 9 is the undecryptable bit. If set the packet was encrypted and the mac was unable to decrypt it

rate  is a standard 802.11 rate
preamble is set if the phy reports that the preamble was a short preamble
code indicates the modulation of the packet
  0 = cck
  3 = wofdm
signal 0 to 100%
signal quality is 0 to 100%
channel is what you would think

----- Original Message ----- From: "Clay Jones" <clay.jones@xxxxxxxxx>

To: <wireshark-dev@xxxxxxxxxxxxx>
Sent: Friday, February 02, 2007 9:02 AM

Subject: Re: [Wireshark-dev] Patch to add read support for Shomiti wireless captures

Here is a capture in the wireless Shomiti format.  This capture is of an
association between a Linksys 802.11n client and AP.  I am working on some
decodes for 802.11n that I will try to send in shortly.

In another email you asked what the meaning of the various header fields
were.

pad[4] contains 3 bytes of FF followed by the length of the remaining header

(8)
undecrypt[2] contains a bitmask (big endian)
 Bits 0 to 2 is the mac port the packet was received on
 Bit 3 unused
 Bit 4 PCF Flag (Packet received outside of contention)
 Bits 5 to 7 is the message type (I think it's always 0 for a normal
packet)



From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 18 Jan 2007 12:53:04 -0800

On Jan 17, 2007, at 8:37 AM, Clay Jones wrote:
This patch adds support for the Shomiti wireless packet format. This is
the
format used by the Fluke Networks WNA (Wireless Network Analyzer).

What are the fields that aren't mapped to 802.11 pseudo-header fields,
namely

"preamble", "code", and "qual"? (Presumably "channel" is a channel number,

"rate" is the data rate in 500Kb/s units, and "signal" is signal strength
as
a percentage.
Do you have any captures we can use for testing?