TShark command to decode WSMP?
What is the command to have tshark decode the WSMP portion of a packet?
I have a pcap file (sample available) that I can open with Wireshark. Wireshark shows the WSMP portion of the packet. (Image available showing this, but I don't have enough karma to upload it.)
But when I decode the packets using tshark, it only shows "Data" for that portion of the packet.
I've tried various combinations of the -d argument, but all the different combinations I've tried result in either the "unknown layer type" error or "Protocol "wsmp" isn't valid for layer type ..." for any of the layer types I've tried. So I haven't been able to find the right parameters.
Any tips, pointers, suggestions, ideas would be greatly appreciated.
Thanks!
Ken
Notes:
I think it should be possible to do this, because the output from:
tshark -G protocols | grep -i wsmp
shows:
Wave Short Message Protocol(IEEE P1609.3) WSMP wsmp
But, the following command:
tshark -r /mnt/e/work/work/TC2/SpatSample.pcap -2 -c 1 -V
Produces this output:
Frame 1: 366 bytes on wire (2928 bits), 366 bytes captured (2928 bits)
Encapsulation type: IEEE 802.11 plus Prism II monitor mode radio header (21)
Arrival Time: Oct 9, 2020 11:10:46.540759000 EDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1602256246.540759000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 366 bytes (2928 bits)
Capture Length: 366 bytes (2928 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: prism:wlan_radio:wlan:llc:data]
Prism capture header
Message Code: 0x00000044
Message Length: 144
Device Name: wifi1vap0
DID Host Time 719685155
DID: Host Time (0x00010044)
Status: Supplied (0)
Length: 4
Host Time: 719685155
DID Mac Time 1508234676
DID: Mac Time (0x00020044)
Status: Supplied (0)
Length: 4
MAC timestamp (lower 32 bits): 1508234676
DID Channel 172
DID: Channel (0x00030044)
Status: Supplied (0)
Length: 4
Channel: 172
DID RSSI 0
DID: RSSI (0x00040044)
Status: Supplied (0)
Length: 4
RSSI: 0
DID SQ 0x0
DID: SQ (0x00050044)
Status: Supplied (0)
Length: 4
Signal Quality: 0
DID Signal 0x41
DID: Signal (0x00060044)
Status: Supplied (0)
Length: 4
Signal: 65
DID Noise 0x0
DID: Noise (0x00070044)
Status: Supplied (0)
Length: 4
Noise: 0
DID Rate 6.0 Mb/s
DID: Rate (0x00080044)
Status: Supplied (0)
Length: 4
Data rate (Mb/s): 6.0
DID Is Tx 0x1
DID: Is Tx (0x00090044)
Status: Supplied (0)
Length: 4
IsTX: Tx Packet (0x00000001)
DID Frame Length 53
DID: Frame Length (0x000a0044)
Status: Supplied (0)
Length: 4
Frame Length: 53
802.11 radio information
Data rate: 6.0 Mb/s
Channel: 172
Signal strength (dBm): 0dBm
TSF timestamp: 1508234676
[Duration: 320µs]
[Preamble: 20µs]
IEEE 802.11 Data, Flags: ........
Type/Subtype: Data (0x0020)
Frame Control Field: 0x0800
.... ..00 = Version: 0
.... 10.. = Type: Data frame (2)
0000 ...
Wow. Thank you (seriously) for reminding me to supply information that I should have remembered to supply in the first place. (Yes, I'm saying this all in good humor. I can't count the number of times I've asked that question in the past.)
Anyway, it's a WSL Ubuntu 18.04 image -
Which would appear likely to be earlier than the referenced patch above.
So my next step will be to build a current version and see how it goes. (Or, grab one of my Ubuntu 20 systems around here and try it there.) Either way, I'll report back when I have more ...
Bingo! That was it. Trying it on an Ubuntu 20.04 system worked perfectly. If it's of any value to you to post that as an answer I'd love to give you credit for it. (I can't upvote your comment.)