Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2019-01-22 17:10:55 +0000

cmaynard gravatar image

Probably the best thing to do would be to open a Wireshark bug report asking for the 802.11mc (FTM) frames to be supported, and if possible to supply a patch implementing it if you're to do so.

In the meantime, if your Lua script grabs the wlan.fixed.publicact field, it may be able to process it if the value is 0x20. Here's a very simple Lua post-dissector script that does something with the packet if the field is 0x20:

wlanpost = Proto("WLANpost", "Append text to Info column if 802.11mc")

wlan_publicact_f = Field.new("wlan.fixed.publicact")

function wlanpost.dissector(tvb, pinfo, tree)
    local wlan_publicact_ex = wlan_publicact_f().value

    if wlan_publicact_ex == 0x20 then
        pinfo.cols.info:append(" [802.11mc]")
    end
end

register_postdissector(wlanpost)

I don't have any 802.11mc packets to play around with, so you'll have to see what you can accomplish without Wireshark native support. The Wireshark wiki has a more elaborate postdissector example if you want to take a look at it. See https://wiki.wireshark.org/Lua/Examples/PostDissector

Probably the best thing to do would be to open a Wireshark bug report asking for the 802.11mc (FTM) frames to be supported, and if possible to supply a patch implementing it if you're able to do so.

In the meantime, if your Lua script grabs the wlan.fixed.publicact field, it may be able to process it if the value is 0x20. Here's a very simple Lua post-dissector script that does something with the packet if the field is 0x20:

wlanpost = Proto("WLANpost", "Append text to Info column if 802.11mc")

wlan_publicact_f = Field.new("wlan.fixed.publicact")

function wlanpost.dissector(tvb, pinfo, tree)
    local wlan_publicact_ex = wlan_publicact_f().value

    if wlan_publicact_ex == 0x20 then
        pinfo.cols.info:append(" [802.11mc]")
    end
end

register_postdissector(wlanpost)

I don't have any 802.11mc packets to play around with, so you'll have to see what you can accomplish without Wireshark native support. The Wireshark wiki has a more elaborate postdissector example if you want to take a look at it. See https://wiki.wireshark.org/Lua/Examples/PostDissector