This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

rssi field in wireshark

0

Hello, the RSSI field is 8 bits according to the IEEE 802.11 standard, so I wanted to know how Wireshark is using these 8 bits, i.e. in which format it is filling them?

Thank you in advance.

asked 20 Oct '16, 19:21

misbah


One Answer:

1

I assume you are talking about the RSSI (SSI Signal) in the radiotap header. The value reported in the packet details pane is in dBm, which is a measure of RF signal power at the antenna, in decibels difference from 1mW.

The radiotap spec says the field is a signed 8-bit value, so to get from the raw hex bytes shown in the packet bytes pane to the value reported in the packet details pane, you need to take the two's complement.

For example: if 0xD1 is shown in the bytes panel, the two's complement of that is shown in the details pane (-47 dBm).

answered 21 Oct '16, 07:38

J_Turner

Thank you @J_Turner, that explains my doubt. I was also wondering what the entire field in the highlighted 0010 register is?

(21 Oct '16, 14:18) misbah

It's not a field, it's a bunch of fields. It is part of the radiotap header, which is a variable-length header that the networking drivers on *BSD and macOS, the drivers and mac80211 code on Linux, and the drivers and Npcap code on Windows, provide as a "pseudo-header" before the packet data when capturing.

There are other 802.11 radio information pseudo-headers used with the pcap and pcapng file formats, and other capture file formats may provide that information in some other fashion. Wireshark 2.x transforms the radiotap and other pseudo-headers, and the information supplied in other file formats, into a standard format, and displays that under "802.11 radio information", so that information is provided twice for radiotap and other pseudo-headers.

(21 Oct '16, 21:02) Guy Harris ♦♦
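
The decoding discussed in the answer and comments above, as an added example that is not part of the original posts and is not Wireshark's code: it walks the variable-length radiotap header to the dBm antenna signal field (present bit 5) and reads it as a signed 8-bit value. The function names and the sample header bytes are constructed for illustration; the alignments and sizes are those of the radiotap fields for bits 0 to 4.

```python
import struct

# (alignment, size) of the radiotap fields for present bits 0-4
# (TSFT, Flags, Rate, Channel, FHSS), which can precede the signal field.
FIELDS_BEFORE_SIGNAL = [(8, 8), (1, 1), (1, 1), (2, 4), (2, 2)]
DBM_ANTSIGNAL_BIT = 5   # s8, dBm antenna signal
EXT_BIT = 31            # set when another 32-bit present word follows


def to_signed8(raw: int) -> int:
    """Interpret one raw byte (0..255) as a two's-complement signed value."""
    return raw - 256 if raw & 0x80 else raw


def radiotap_dbm_signal(buf: bytes):
    """Return the dBm antenna signal from a radiotap header, or None if absent."""
    if len(buf) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, it_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unsupported radiotap version")
    # it_len comes from the capture; never trust it beyond the buffer.
    if it_len < 8 or it_len > len(buf):
        raise ValueError("radiotap length outside captured data")
    offset, word = 8, present
    while word & (1 << EXT_BIT):          # skip extended present words
        if offset + 4 > it_len:
            raise ValueError("present bitmap runs past header")
        (word,) = struct.unpack_from("<I", buf, offset)
        offset += 4
    if not present & (1 << DBM_ANTSIGNAL_BIT):
        return None
    # Fields appear in bit order, each aligned relative to the header start.
    for bit, (align, size) in enumerate(FIELDS_BEFORE_SIGNAL):
        if present & (1 << bit):
            offset = (offset + align - 1) & ~(align - 1)
            offset += size
    if offset >= it_len:
        raise ValueError("signal field lies past header")
    return to_signed8(buf[offset])


# Constructed sample header: present = Flags | Rate | Channel | dBm signal.
SAMPLE = bytes.fromhex("00000f002e000000" "00" "02" "6c09a000" "d1")

if __name__ == "__main__":
    print(radiotap_dbm_signal(SAMPLE), "dBm")
```
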