This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

rawshark output format for 802.11 and radiotap headers

0
1

Hi,

I want to use rawshark to read packets from pipe and print some useful information for me.

Here's the scenario. 1. Remote machine with wireless interface in monitor mode capturing with tcpdump and pipe to netcat 2. Another remote machine read from machine 1 netcat stream and pipes data to rawshark 3. rawshark have to output parsed information in useful for me format.

So far I try to pipe previous captured data (local file) to rawshark and it's fine (cat test.pcap | rawshark -s -r - -d encap:105). But I can't find the right value for the '-F' flag to make it display package source mac address and radiotap header information like signal strength. I was trying with -F wlan.sa -F radiotap.dbm_antsignal

asked 30 Dec '12, 02:25

nerform's gravatar image

nerform
6123
accept rate: 0%

One Answer:

1

Please try this:

rawshark -nr input.pcap -s -d proto:radiotap -F wlan.sa -F radiotap.dbm_antsignal

It works with this sample file.

http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=mesh.pcap

If it does not work with your capture, then your version of tcpdump does not provide a radiotap header.

Regards
Kurt

answered 30 Dec '12, 14:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thank you very much Kurt. It works!

(30 Dec '12, 14:48) nerform