802.11n capture with PPI encapsulation containing HTTP data - help

asked 2019-02-14 18:13:29 +0000

darius gravatar image

updated 2019-02-14 21:33:00 +0000


re: 802.11n capture with PPI encapsulation containing HTTP data - help

just visited https://wiki.wireshark.org/SampleCapt...

to study some sample captures

Opened http.cap in Wireshark https://wiki.wireshark.org/SampleCapt...

copied 15.frame

15 0.596417 TCP 1562 [TCP segment of a reassembled PDU]

followed TCP stream from mouse right click sub-menu and what I get is a new window with caption:

Follow TCP Stream (tcp.stream eq 0)

and what I get in the window is html source of web page with header:

GET / HTTP/1.0 User-Agent: Wget/1.10.2 Accept: /Host: www.polito.it Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 11 May 2007 22:30:37 GMT Server: Apache Last-Modified: Fri, 11 May 2007 22:00:01 GMT Connection: close Content-Type: text/html

I can save code from the window into html file, which can be opened in web browser, as a web page (web links to images are not active)

as php generated local links:


but global links are active:


since Wireshark exactly assembled html code from tcp frames into valid html web page tell me how to make the same with IP camera, streaming live video or sending images at a given ftp to replace video stream, how to set up Wifi Wireless LAN captures to get images processed by Wireshark, ready for watching in web browser.

WiFi P2P IP camera > images sent at a preset fps > Wireshark tcp dissect, data assembly, follow TCP Stream > web browser to watch images refreshed to emulate video stream

BTW captcha crashed, requiring me to solve 30 x captchas


I mean tcpdumping my personal IP cameras, so video stream is open, not encrypted at all

edit retag flag offensive close merge delete


This sounds like a fun science project but from a production standpoint I would think you will have some trouble. The major issue I run into with wireless networks is packet loss; be prepared to have your tcp streams missing data when collecting an OTA (over the air) capture. If the real destination is missing the traffic then TCP will retransmit, but just because the real host got it does not mean the OTA capture did.

Encryption comes to mind as well - for WiFi, would always want to use strong encryption. I don't use WiFi-direct so don't understand how it manages encryption (which I assume it does). For typical 802.11 networks that use WPA2 variants, capture of specific frames from the air (EAPOL) are required to decrypt, but with wireless packet loss, frankly, we don't always get them.

Seems like this problem of one source --> ...(more)

Bob Jones gravatar imageBob Jones ( 2019-02-14 18:43:20 +0000 )edit


thank you for your kind comments.

To make it clear, I mean my personal IP cameras, not supporting multicast, streaming not encrypted video / fps images

Ok, as a proof-of-concept I plan to implement redundant video streaming, known from Moon to Earth, Mars to Earth, wireless image transmissions in space at large distance, not supporting ACK

All I need is to build wireless video receiver / TV, employing web browser or VLC as media player to let me watch live video stream from a given IP camera selected by a single press of a button without any extra hardware installed ( wifi router or alike).

How much should I spend to make my idea a reality ?

darius gravatar imagedarius ( 2019-02-14 21:43:00 +0000 )edit


just visited https://www.cloudshark.org/captures/0... to open http://packetlife.net/captures/HTTP.cap

in the cloudshark

via Analysis Tools selecting HTTP Analysis

requested /images/layout/logo.png from + packetlife.net 1


I can preview in new window as logo image

and download link is provided


not sure if video or animated gif I can preview the same way, via below pipe chart

http image/video/animated gif > tcpdump > wireshark > image/ video/ animated gif object > preview in media player/ web browser/ vlc ...

let me know your opinion

darius gravatar imagedarius ( 2019-02-14 22:54:49 +0000 )edit