This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture SNR value using tcpdump

0

Hi everyone. Does anybody know how to capture the SNR value of a WiFi link using tcpdump? I tried capturing using Wireshark by showing the signal and noise, but those values never exist during capturing. Thanks

asked 24 Apr '13, 22:15

Tyanium
1445
accept rate: 0%

What version of what OS is this? (For Linux, that means both "what version of the kernel" and "what distribution and what version of that distribution".)

What does tcpdump -h print?

(25 Apr '13, 18:59) Guy Harris ♦♦

This is what was printed after tcpdump -h

tcpdump version 3.9.8
libpcap version 0.9.8

I'm using Fedora release 9 with kernel version 2.6.27.25-78.2.56.fc9.i686

(08 May '13, 20:00) Tyanium

2 Answers:

0

Capturing WiFi traffic including the 802.11 layer requires a little more preparation, especially on Windows (which may not be the OS in your case since you mentioned tcpdump) where you need to have an AirPCAP USB adapter to do it. See this Wiki page: http://wiki.wireshark.org/CaptureSetup/WLAN

I'm not sure if tcpdump is capable of capturing the radio layer, but there are tools like airodump-ng that could help you out.

answered 25 Apr '13, 01:27

Jasper ♦♦
23.8k551284
accept rate: 18%

tcpdump can capture the radio layer, but, on most OSes, you have to be in monitor mode to do that, and his libpcap and tcpdump are too old to support having tcpdump do it with the -I flag.

(08 May '13, 20:30) Guy Harris ♦♦

0

You'll have to put your adapter into monitor mode in order to get the radio information. Try using the airmon-ng script from aircrack-ng; there might be a Fedora 9 RPM for aircrack-ng.

answered 08 May '13, 20:29

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Now I put my computer in monitor mode already. But when I try to capture packets, this is what happens:

tcpdump -U -w ./test.cap
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
^C0 packets captured
tcpdump -L -i ath0
tcpdump: bind: Network is down

My goal is to capture the SINR value of a WiFi channel. Do you have any idea what's going on? And please guide me to achieve my goal. Thanks

(15 May '13, 21:21) Tyanium

tcpdump: WARNING: eth0: no IPv4 address assigned

So that was capturing on eth0. Is that your Wi-Fi adapter?

Also:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

Sadly, this is an old version of tcpdump, which defaults (when it supports IPv6) to a snapshot length of 96 bytes. Try doing -s 0 as part of your tcpdump argument list, to capture the entire packet (the radiotap header might not fit in 96 bytes).

(15 May '13, 21:31) Guy Harris ♦♦

Thanks for your comment. I tried again, yet it is still not working. No packets are captured.

[[email protected] ~]# tcpdump -s 0 -i ath0
tcpdump: bind: Network is down
[[email protected] ~]# tcpdump -s 0 -i wifi0
tcpdump: WARNING: wifi0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wifi0, link-type IEEE802_11 (802.11), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

(15 May '13, 22:22) Tyanium

I still don't get it. I put ath0 in monitor mode already, but once I type tcpdump using ath0 it won't work:

[[email protected] ~]# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wifi0     no wireless extensions.

pan0      no wireless extensions.

ath0      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Monitor  Channel:0  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:18 dBm   Sensitivity=1/1
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/70  Signal level=-98 dBm  Noise level=-98 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

[[email protected] ~]# tcpdump -i ath0 -s 0 -w stress.pcap
tcpdump: bind: Network is down

(15 May '13, 23:07) Tyanium
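
The comments above note that the signal and noise values travel in the radiotap header and that a short snapshot length can cut that header off. As an added example (not code from any poster in this thread), the sketch below reads both fields from one captured frame and derives the SNR; it assumes the capture's link type is radiotap (IEEE802_11_RADIO, not the plain IEEE802_11 shown for wifi0), and the function name and the sample frame are constructed for illustration.

```python
import struct

# (size, alignment) of the radiotap fields for present bits 0..6:
# TSFT, Flags, Rate, Channel, FHSS, dBm antenna signal, dBm antenna noise
FIELDS = [(8, 8), (1, 1), (1, 1), (4, 2), (2, 2), (1, 1), (1, 1)]
SIGNAL_BIT, NOISE_BIT = 5, 6

def radiotap_snr(frame):
    """Return (signal_dBm, noise_dBm, snr_dB) for a radiotap-prefixed frame.

    A value is None when the driver did not report it. Raises ValueError
    when the captured bytes do not hold the whole radiotap header.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than the fixed radiotap header")
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0:
        raise ValueError("not a radiotap version 0 header")
    if hdr_len > len(frame):
        raise ValueError("radiotap header truncated by snapshot length")
    offset, word = 8, present
    while word & (1 << 31):          # bit 31: another present word follows
        if offset + 4 > hdr_len:
            raise ValueError("present bitmap runs past the header")
        (word,) = struct.unpack_from("<I", frame, offset)
        offset += 4
    values = {}
    for bit, (size, align) in enumerate(FIELDS):
        if not present & (1 << bit):
            continue
        offset = (offset + align - 1) & ~(align - 1)  # natural alignment
        if offset + size > hdr_len:
            raise ValueError("field runs past the radiotap header")
        if bit in (SIGNAL_BIT, NOISE_BIT):
            (values[bit],) = struct.unpack_from("<b", frame, offset)
        offset += size
    signal, noise = values.get(SIGNAL_BIT), values.get(NOISE_BIT)
    snr = signal - noise if signal is not None and noise is not None else None
    return signal, noise, snr

# Constructed sample frame: present = Flags|Rate|Channel|signal|noise (0x6E),
# header length 16, channel 2437 MHz, signal -60 dBm, noise -95 dBm,
# followed by two dummy 802.11 bytes.
SAMPLE = struct.pack("<BBHIBBHHbb", 0, 0, 16, 0x6E,
                     0, 2, 2437, 0x00A0, -60, -95) + b"\x80\x00"

if __name__ == "__main__":
    print(radiotap_snr(SAMPLE))
```

Many drivers report the signal but not the noise field, in which case the function returns the signal alone and no SNR.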