I think the problem is that there are multiple tags in the frame, and it's trying to interpret the very last one, while the SSID is in the very first.
The output of -e wlan_mgt.tag.number -e wlan_mgt.tag.interpretation is:
221 Not interpreted
If I look at -V output, I see that is the last tag (line 65):
http://pastebin.com/m26f26b6is there any way to get the first tag with the SSID in it?
On Mon, Feb 1, 2010 at 11:45 PM, George Nychis
<gnychis@xxxxxxxxx> wrote:
Hi all,
If I use:
tshark -n -i en0 -y IEEE802_11_RADIO -T fields -e wlan_mgt.tag.interpretation
... I keep getting "Not interpreted" for the tag field on beacon frames which definitely has an SSID which wireshark is able to interpret.
Additionally, if I use
tshark -i en0 -y IEEE802_11_RADIO -o column.format:'"Info", "%i"'
It is able to interpret the flags: Beacon frame, SN=1619, FN=0, Flags=........C, BI=100, SSID="CMU"
Does anyone know how I can use the -e option and have it interpret the flags correctly?
Thanks!
George
