Hi, I would like to know if there is a way of plotting the radiotap.dbm_antsignal VALUE in the wireshark IO Graph plotter? Am I able to plot any radiotap values at all? How would I do this?

I have searched through the wireshark mailing list (forum questions) and could not find something. Could someone recommend the simplest method of doing something like this. Would Cascade Pilot Personal Edition do something like this? Cace website does not have something on the matter?

I am using wireshark Version 1.4.3 (SVN Rev 35482 from /trunk-1.4) on Win XP SP4 with an AirPcap Tx adapter, to capture the 802.11 packets.

Thanks

Alex

asked 29 Jun '11, 13:35 almost_linear edited 29 Jun '11, 13:37
2 Answers:
Normally this could be [mostly] accomplished by choosing "Advanced" in the Y Axis Unit, then setting the display filter of the packets you're interested in on the left, selecting an appropriate Calc choice, such as AVG(*), and finally choosing a display filter of what you want plotted. While there's no way to guarantee that you'll get EXACT values plotted, if you set your x-axis to a small enough tick interval, the averages for that interval should come pretty darn close, if not be the exact values you're looking for.

However, because the radiotap.dbm_antsignal value is negative, there appears to be a problem plotting the values. This looks like a bug to me, one which should be reported on the bug list here.

In the meantime, you can use the "Copy" button to copy the values that would be plotted, then paste the data into a txt file that you import into your favorite spreadsheet application as a .csv file. Once there, you should be able to plot the data.

Another quick way to view these values is to add a custom column for showing the radiotap.dbm_antsignal values. You can then sort on that column or just scroll through the packets looking for patterns, poor values, etc. To add a custom column, either:

answered 29 Jun '11, 19:44 cmaynard ♦♦
If you use "radiotap.db_antsignal" it will work with the IO graph plotting, since this is a positive number (radiotap.db_antsignal = radiotap.dbm_antsignal + 100, so it seems).

E.g. when using filter = wlan_mgt.ssid == "your SSID" and calc=AVG(*) and as field radiotap.db_antsignal, and then using a tick interval of 0.1s or less, you should see the RSSI of your AP over time (keeping in mind that you would need to mentally subtract 100 to get actual dBm numbers, but the principle is the same).

Good luck :-)

answered 24 Oct '13, 03:36 Niels Schutten
Hi Cmaynard,
Thanks for replying to my post so quickly.
Unfortunately, I was unable to port the data to excel as you suggested. I was aware of the possibility to plot the SSI as a column, but I was more interested in plotting the data.
As a number of different 802.11 packets (data, management, control) can be acquired from different networks, it is difficult to get a quick and clear picture of what is happening ‘real time’ on your network. I am also interested in producing ‘trend’ figures ‘after-the-fact’, which should shed light on how my wireless network is behaving for a particular environment. This is why I am still interested in finding a way to plot the SSI data.
I tried your suggestion using wireshark 1.4.3 and got no meaningful result. I updated to 1.6.0 and got no meaningful result either.
What I tried and what I got:
1) If I used the Access Point's MAC address (with the details below), I got an average of 500E6 (!!!) with valleys of 100E6 (!!!). Copying the data in a txt file and then saving this data in csv format and opening the file in Excel 2007, showed the same data. As far as I can tell, these values can’t be right. I played with the tick interval value and I still got nonsensical values.
Filter: wlan.sa == xx:xx:xx:xx:xx:xx && radiotap.dbm_antsignal
AVG: radiotap.dbm_antsignal
Tick interval: 1sec
Pixel per tick: 10
2) If I used the STA’s MAC address (with the details below), I got peaks with values of 2E9 (!!!) and an average of 58E6 (!!!). Copying and then saving this data in txt format and opening the file in Excel 2007, showed the same data. As far as I can tell these values can’t be right, either.
Filter: wlan.sa == xx:xx:xx:xx:xx:xx && radiotap.dbm_antsignal
AVG: radiotap.dbm_antsignal
Tick interval: 1sec
Pixel per tick: 10
Looking at the post below:
http://www.wireshark.org/lists/wireshark-users/200906/msg00206.html
Could it be I have to subtract [(radiotap.dbm_antnoise) – (radiotap.dbm_antsignal)]?
Trying this gave me an average value of about -55, however from looking at my data, this does not correspond to the right value. The correct average would be around minus 44-47.
Any advice would be more than welcome.
As I am a relatively new user to wireshark, I will refrain from posting ‘wolf’ on the bug list, for the time being.
Thanks
Alex
Well, looking at the gtk/io_stat.c source code, it's pretty clear to me that it doesn't plot negative values, so an enhancement bug request seems appropriate. Meanwhile, you might try this instead:
Graph1, Filter: radiotap.dbm_antsignal >= -20 Calc: COUNT(), radiotap.dbm_antsignal
Graph2, Filter: radiotap.dbm_antsignal < -20 && radiotap.dbm_antsignal > -40 Calc: COUNT(), radiotap.dbm_antsignal
... etc.,

then if you use the default colors, you can see where the good/bad signals are with black=best and purple=worst. This is a little tedious to set up, but I can't think of anything better.
Thanks for your quick reply Christopher.
I would also like to thank you for taking the time to look at the source code.
Your suggestion though interesting, might be difficult to plot, which is something I would really like to be able to do.
Your suggestion using the Count calculation is really interesting. I will have a good look at it tmrw. From my little experience with 802.11, I would recommend a -45dBm to -65dBm as good signal quality and the rest as bad signal quality (that would include above -45dBm and below -65dBm). This can be changed in the filter parameters.
Should I call it quits with regards to plotting the SSI? Could I humbly ask you, to comment on the possibility of using [(radiotap.dbm_antnoise) – (radiotap.dbm_antsignal)] to get the SSI? Is this just some weird fluke?
Should I assume what you suggested on your first post regarding copying into Txt and then saving in csv, as something that does not work, for the SSI?
Thanks and regards
Alex
Try a different tick interval like 0.1 sec or smaller before you do the copy. In the capture file I'm using from the menagerie as a test, even though the plot is obviously wrong, when I copy the data using 0.1 sec or smaller, the data is correct.
Regarding the SSI and the formula you gave for computing it, I have no experience with that.
Lastly, please use comments instead of answers when following up on this question. You are not providing any answers to your question.
Thanks for your reply Christopher.
I really appreciate you taking the time to answer my questions. You are right, I do have to change the tick interval to 0.1s or less. However, even when I do that, some of the copied data is still corrupted. One in every 15-20 data points is either zero or some very large value.
As for answering my own questions, I chose to do that as the comment reply option only allows for a small number of characters. I didn’t really see it as answering my own questions. Next time I will split my post.
Alex
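
An added example, not part of the original thread or of Wireshark: once the signal values are exported as text, the per-tick AVG and the good/bad COUNT bands discussed above can be computed with signed arithmetic outside the IO Graph. The sample rows are constructed, and the tshark command in the comment, the file name capture.pcap and the function names are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape produced by (assumed export command):
#   tshark -r capture.pcap -T fields -e frame.time_relative \
#          -e radiotap.dbm_antsignal -E separator=,
# The row with an empty second column is a frame without a signal field.
SAMPLE = """\
0.012,-44
0.051,-47
0.093,-45
0.104,-46
0.188,-71
0.251,
0.262,-43
"""

def parse_rows(text):
    """Return (time_seconds, dBm) pairs, skipping frames with no signal value."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) < 2 or not rec[1].strip():
            continue
        rows.append((float(rec[0]), int(rec[1])))  # int() keeps the sign
    return rows

def avg_per_tick(rows, tick=0.1):
    """Average dBm per tick interval, keyed by tick index (like Calc: AVG)."""
    buckets = defaultdict(list)
    for t, dbm in rows:
        buckets[int(t / tick)].append(dbm)
    return {i: sum(v) / len(v) for i, v in sorted(buckets.items())}

def band_counts(rows, tick=0.1, good=(-65, -45)):
    """Per tick, count frames inside and outside the 'good' dBm band."""
    counts = defaultdict(lambda: [0, 0])
    for t, dbm in rows:
        inside = good[0] <= dbm <= good[1]
        counts[int(t / tick)][0 if inside else 1] += 1
    return {i: tuple(c) for i, c in sorted(counts.items())}

if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    bands = band_counts(rows)
    for i, avg in avg_per_tick(rows).items():
        print(f"tick {i}: avg {avg:.1f} dBm, good/bad {bands[i]}")
```

The `good` band defaults to the -65 to -45 dBm range suggested in the thread and can be changed per call.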