 | 1 | initial version |
However, some of my interested fields under radiotap header appear to be "absent". By "absent", I cannot know whether it means true or false.
That is correct. If a field that happens to be a 1-bit Boolean flag is absent, it is completely unknown whether it's true or false - it's absent, meaning the flag's value is not specified.
(Not all radiotap fields are 1-bit Boolean flags, so not all radiotap fields are true or false - the rate field, for example, is a data rate, in units of 500 Kb/second, so it does not have a value that's "true" or "false".)
So what does "absent" exactly mean?
It means that the whatever generated the radiotap header did not specify the value of the field, perhaps because it was unable to determine the value of the field; as such, you (and Wireshark - or tcpdump, or whatever program is reading the captured packets) do not know the value of the field and cannot know the value of the field.
Can I interpret that as false?
You should not do so; you should interpret it as "unknown whether it's true or false", if it's a 1-bit Boolean flag, just as you should, for example, interpret an absent "rate" field as "unknown what the data rate was", not as "500 Kb/s" or any other known value.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
