packets are captured using tcpdump on a DLINK DIR825-B1 router, then I opened up the pcap file using Wireshark, an found that the 32bit bitmap of radiotap header is extended twice, and it contains three SSI signal fields. Wireshark's RSSI column only shows the value of the last one. For example, one captured radiotap shows that the first RSSI is -18dBm, the second is -24dBm and the third is -19dBm. I feel very confused, if for each antenna there is one RSSI value, there should be two RSSI values, why there are three RSSI values? The driver I use is ath9k. asked 20 Jun '14, 09:14  neodreamer showing 5 of 6 show 1 more comments |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Some questions:
is it possible to post a sample capture file somewhere (google drive, dropbox, cloudshark.org)?
What is the firmware on that router (dd-wrt, openwrt, etc.)?
How did you capture (exact tcpdump parameters)?
the sample pcap file can be downloaded here: http://198.56.183.230/ar9223.pcap
firmware is openwrt
the command line to do the capture is: tcpdump -i mon0 -w ar9223.pcap
What's the kernel version for the version of OpenWRT you're using? There might be a driver bug where it's adding more antenna signal values than there are antennas.
There is no reply from the server!
Kernel version is 3.10.36 I have no problem download the pcap file from http://198.56.183.230/ar9223.pcap