Hi, I encounter a situation that the data rate decoded between wireshark and omniPeek is not the same. It's a 802.11 packet. In omnipeek, it shows the data rate is 65.0Mbps, and it is correct. However in wireshark, it shows the data rate is 3.5Mbps. It is weird. I upload the capture file on google drive (It's better opened with crome): https://drive.google.com/file/d/0B4Zm6QEQbQ50eGRqNGJibzBIVGc/view?usp=sharing Could anyone answer this question, thanks!
asked 24 Oct '14, 02:17  s0204995 |
One Answer:
Wireshark's code to read the "tagged" file format for {Ether,Airo,Omni}Peek is incomplete (it's not publicly documented anywhere for use by people who don't have OmniPeek, so it had to be reverse-engineered), so it may get some fields wrong. Could you please file a bug on this at the Wireshark Bugzilla, and attach the capture AND an image of what OmniPeek shows for the packet - giving a full list of all the "meta-data" fields, including the data rate and any other fields, such as an MCS index, signal and noise values for multiple antennas, flags for packets, etc., as that might allow us not only to fix this issue but to get more such information from the packet? answered 24 Oct '14, 15:56  Guy Harris ♦♦ edited 24 Oct '14, 15:57 |
Thanks for your suggestion. I have submit a bug on Bugzilla. It's link: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10637
Thanks. Could you please attach to that bug a screenshot of the dissection of all the metadata details (data rate, channel, signal strength(s), noise level(s), etc.) from OmniPeek, so we can see whether it's showing, for example, and MCS index from which we could calculate the data rate?