Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] tshark to interpret wlan tags?
From: George Nychis <gnychis@xxxxxxxxx>
Date: Tue, 2 Feb 2010 00:51:51 -0500
I think the problem is that there are multiple tags in the frame, and it's trying to interpret the very last one, while the SSID is in the very first.
The output of -e wlan_mgt.tag.number -e wlan_mgt.tag.interpretation is:
221 Not interpreted
If I look at -V output, I see that is the last tag (line 65):
http://pastebin.com/m26f26b6
is there any way to get the first tag with the SSID in it?
On Mon, Feb 1, 2010 at 11:45 PM, George Nychis <gnychis@xxxxxxxxx> wrote:
Hi all,
If I use:
tshark -n -i en0 -y IEEE802_11_RADIO -T fields -e wlan_mgt.tag.interpretation
... I keep getting "Not interpreted" for the tag field on beacon frames which definitely has an SSID which wireshark is able to interpret.
Additionally, if I use
tshark -i en0 -y IEEE802_11_RADIO -o column.format:'"Info", "%i"'
It is able to interpret the flags: Beacon frame, SN=1619, FN=0, Flags=........C, BI=100, SSID="CMU"
Does anyone know how I can use the -e option and have it interpret the flags correctly?
Thanks!
George
- Follow-Ups:
- Re: [Wireshark-users] tshark to interpret wlan tags?
- From: Guy Harris
- Re: [Wireshark-users] tshark to interpret wlan tags?
- References:
- [Wireshark-users] tshark to interpret wlan tags?
- From: George Nychis
- [Wireshark-users] tshark to interpret wlan tags?
- Prev by Date: [Wireshark-users] tshark to interpret wlan tags?
- Next by Date: [Wireshark-users] Tracking SMTP traffic with Wireshark
- Previous by thread: [Wireshark-users] tshark to interpret wlan tags?
- Next by thread: Re: [Wireshark-users] tshark to interpret wlan tags?
- Index(es):