tshark: '-T fields' - Missing MACs in output
When I read 802.11-MAC-Data, I got gaps. This is no problem when staying on one channel, but I use channel-hopping, so after changing the channel I often miss a lot of information.
Is there a way to display the MACs in these gaps when using the '-T fields' option?
tshark -I -i wlan1 -a duration:60 -w capture.bin
tshark -r capture.bin -T fields -e wlan_radio.channel -e wlan.sa -e wlan.bssid
...
10 00:07:50:fc:a0:0a 00:07:50:fc:a0:0a
11
11
11
11
11
11
11
11
11
11
11 bc:30:7d:53:10:4a bc:30:7d:53:10:4a
...
10 00:07:50:fc:a0:0a 00:07:50:fc:a0:0a
10 00:07:50:fc:a0:0a 00:07:50:fc:a0:0a
11
11
11 3a:43:1d:66:46:76 3a:43:1d:66:46:76
...
To hide the lines w/ empty fields is no prob. But this fields belongs to a device and produces e.g, RSSI or wlan.fc.type_subtype.
If you use '-T ek', the missing MACs are displayed.
Can you share the capture with the issue?
You are right, I'm wrong. I used a wrong file.
Tx 4 support!