Hello, I'm new with tshark and I'm trying to use tshark to see MAC addresses and their rssi or tx power, but can't seem to find the proper field name: the command I'm using is: sudo tshark -S -l -i wlan1 -Y 'wlan.fc.type_subtype eq 4' -T fields -E header=y -e frame.time -e wlan.sa -e wlan.sa_resolved -e wlan_mgt.ssid And I get: frame.time wlan.sa wlan.sa_resolved wlan_mgt.ssid Jan 3, 2017 12:25:03.048773000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f I've tried: (with no luck) chan.chan_tx_pow wlan.dbm_antsignal wlan.antenna wlan.normrssi_antsignal wlan.rawrssi_antsignal wlan.signal_strength wlancap.dbm_antsignal wlancap.ssi_signal Could anyone help me out? asked 03 Jan '17, 09:48  tonny_vivas |
One Answer:
If you don't know the name of a filter, you can try searching for it on Wireshark's online Display Filter Reference page or perusing the Wireshark Filter Expression dialog for fields of interest. Another tip is to open the capture file in Wireshark and find a packet that contains the field of interest. When you select it, Wireshark will display the field name in the status bar for you. answered 03 Jan '17, 10:02  cmaynard ♦♦ edited 03 Jan '17, 10:04 |
