 | 1 | initial version |
Capture is from Wireshark (Windows version) and it has be done with Ekahau SideKick (which create PCAP file) connected directly to my computer - so this capture is not done on AP.
OK, this page on the Ekahau Web site says
Ekahau Capture saves packets in the industry standard .pcap format.
but that's a capture done by the Ekahau Capture application, not by Wireshark. Pcap captures can be read by Wireshark, but if the capture was read and dissected by Wireshark, that doesn't mean the capture was done in Wireshark unless you selected a Wi-Fi adapter on the Windows machine in Wireshark and did the capture by telling Wireshark to capture on that interface.
So I'll assume the capture was done by Ekahau Capture, using the Sidekick.
If so, then the antennas are on the Sidekick, not on the AP and not on your Windows machine's Wi-Fi adapter.
A blog post from Ekahau says that "Ekahau Sidekick makes use of 7 internal antennas and is designed to be worn and oriented in one direction to ensure accurate and consistent measurements.", but I don't know how many are used for capturing.
Here's a discussion of how multi-antenna captures should be done in radiotap (the messages are in reverse chronological order, so Johannes Berg's first message on the topic, from 2012-08-20, is number 11, at the bottom of the list).
The scheme proposed by Johannes in that first message isn't what's followed in that capture, as there are two signal values before the antenna number value. I suspect they're doing the same thing that at least one Linux driver does, and providing an "overall" signal value, followed by a set of signal values, one for each antenna chain, as per later discussion on that list. Sadly, the author of message 2 (the next-to-the-last message, chronologically) appears to have dropped the ball and not updated the radiotap documentation, as suggested by Johannes in message 1 (the last message, chronologically). Perhaps I'll poke the recipient of Johannes' suggestion and get him to move forward on that. :-)
Anyway, what that means is probably that:
The client signal strength shown in Wireshark is always the same as value of Antenna 2
That's because the Wireshark code doesn't handle multi-antenna information very well. The code that handles the "radio information" (which is independent of whether it's supplied by radiotap or some other mechanism) has no way to be given signal strength etc. information for multiple antennas, and the code that handles the radiotap header can't and doesn't construct multi-antenna information for the "radio information" code.
Instead, it passes the last signal strength it saw to the radio information code as the one-and-only signal strength value.
| | 2 | No.2 Revision |
Capture is from Wireshark (Windows version) and it has be done with Ekahau SideKick (which create PCAP file) connected directly to my computer - so this capture is not done on AP.
OK, this page on the Ekahau Web site says
Ekahau Capture saves packets in the industry standard .pcap format.
but that's a capture done by the Ekahau Capture application, not by Wireshark. Pcap captures can be read by Wireshark, but if the capture was read and dissected by Wireshark, that doesn't mean the capture was done in Wireshark unless you selected a Wi-Fi adapter on the Windows machine in Wireshark and did the capture by telling Wireshark to capture on that interface.
So I'll assume the capture was done by Ekahau Capture, using the Sidekick.
If so, then the antennas are on the Sidekick, not on the AP and not on your Windows machine's Wi-Fi adapter.
A blog post from Ekahau says that "Ekahau Sidekick makes use of 7 internal antennas and is designed to be worn and oriented in one direction to ensure accurate and consistent measurements.", but I don't know how many are used for capturing.
Here's a discussion of how multi-antenna captures should be done in radiotap (the messages are in reverse chronological order, so Johannes Berg's first message on the topic, from 2012-08-20, is number 11, at the bottom of the list).
The scheme proposed by Johannes in that first message isn't what's followed in that capture, as there are two signal values before the antenna number value. I suspect they're doing the same thing that at least one Linux driver does, and providing an "overall" signal value, followed by a set of signal values, one for each antenna chain, as per later discussion on that list. Sadly, the author of message 2 (the next-to-the-last message, chronologically) appears to have dropped the ball and not updated the radiotap documentation, as suggested by Johannes in message 1 (the last message, chronologically). Perhaps I'll poke the recipient of Johannes' suggestion and get him to move forward on that. :-)
Anyway, what that means is probably that:
The client signal strength shown in Wireshark is always the same as value of Antenna 2
That's because the Wireshark code doesn't handle multi-antenna information very well. The code that handles the "radio information" (which is independent of whether it's supplied by radiotap or some other mechanism) has no way to be given signal strength etc. information for multiple antennas, and the code that handles the radiotap header can't and doesn't construct multi-antenna information for the "radio information" code.
Instead, it passes the last signal strength it saw to the radio information code as the one-and-only signal strength value.
[Update]
So you might want to ask the Ekahau people what that means; if it doesn't mean what I said, you might want to send them the URL https://lore.kernel.org/radiotap/?q=multi-antenna as a pointer to the discussion in question, so they know what they should be doing.
