This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Recommended wireless adapter (USB) with Linux wireshark that reports mactime in Radiotap header

0

I have tried with Dlink-DWA-160-A2 card with AR9170 but do not see mac timestamp and also TSFT flag is 0.

asked 08 Jan '14, 11:35

Sudheer's gravatar image

Sudheer
16448
accept rate: 0%


One Answer:

2

I did a quick test with my TP-Link TL-WN822N v2 on Kali 1.0.4. Here are the results.

[email protected]:~# lsusb
Bus 001 Device 002: ID 0cf3:7015 Atheros Communications, Inc. TP-Link TL-WN821N v3 802.11n [Atheros AR7010+AR9287]

+++ HINT +++: lsusb is showing the wlan device as TL-WN821N, whereas it is in reality a TL-WN822N Ver. 2.0 (822 instead of 821)!!!

[email protected]:~# airmon-ng start wlan0 [email protected]:~# tcpdump -ni mon0 -w /tmp/k1.pcap

[email protected]:~# tshark -nr /tmp/k1.pcap -T fields -e frame.number -e radiotap.mactime
1 43619545 2 43622799 3 43774362 4 43759542 5 43902905

[email protected]:~# lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux Kali Linux 1.0 Release: Kali Linux 1.0 Codename: n/a

As you can see there is a mactime field in the radiotap header. If my understanding is right, this means the Atheros chipset (actually the driver) put that timestamp into the data structure. So, the TP-Link TL-WN822N V2 might be the right tool for you (or any other wlan device with that Atheros chipset).

++ UPDATE ++

In the meantime I tried some of my other wlan devices.

  • D-Link DWA 160 A2 (Atheros 9170)
  • Alfa AWUS036NHR V2 (RTL8192cu)

So far none of them provided a mactime field, meaning no hardware timestamps (or not implemented in the driver). So, the TP Link device with AR9287 is currently the only chipset for which I can confirm hardware timestamps.

Regards
Kurt

answered 09 Jan ‘14, 10:02

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 09 Jan ‘14, 14:56

Hi Kurt,

Thanks for the information. The wireless I have used is Dlink DWA-160 Rev A2 that has Atheros chipset - AR9170 + AR9104 (http://wikidevi.com/wiki/D-Link_DWA-160_rev_A2).

The driver that gets loaded when i use the above card is carl9170.ko. Can you please let me know the driver that gets laoded when you try with TP-Link TL-WN822N V2 ?

-Sudheer

(09 Jan ‘14, 12:24) Sudheer

driver: ath9k_htc

See also the UPDATE in my answer for AR9170.

(09 Jan ‘14, 14:47) Kurt Knochner ♦

Thnaks for the info. So looks like with Atheros chip sets the only ones that report mac time stamp is AR7010, AR9287 with ath9k_htc driver. The one I have does not work.

I will look for wireless adapter that has above chip set and get one of those.

(09 Jan ‘14, 14:57) Sudheer

I’m not sure if those are the only ones, as I currently don’t have access to devices with other Atheros chipsets. But at least I can confirm that the AR9287 is generating some reasonable looking mactime values on my system.

Hint: If a supplied answer resolves your question can you please “accept” it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).

(09 Jan ‘14, 15:02) Kurt Knochner ♦