I am trying to analyze the up-link wireless traffic generated by my Sony Ericsson phone and captured by my D-Link router, on which I installed the DD-WRT firmware. To do this, first I log in to the router and enable the prism0 interface by typing the command:
and then I start to capture the packets by typing:
where xx:xx:xx:xx:xx:xx is the MAC address of my Sony Ericsson phone. After a while I transfer the sony_ericsson_test.pcap file to my computer and open it with the Wireshark program. The RSSI values for each packet are present under "Prism capture header" -> "DID unknown 4041" as displayed in the attached image:
in this case the RSSI value for this packet is: 0xfffffffc7.
Is there a way to filter these values and inflate them into the column "Power"?
I already tried the following procedure, but without success: Edit -> Preferences... -> Columns -> Press "Add" button -> As "Field type" I choose "IEEE 802.11 RSSI" and finally I choose name "Power" and click on "Apply" button.
Thanks in advance for the help!
asked 12 Oct '12, 06:21
The current code that analyzes Prism radio headers is not treating 0x00004041 as the DID value for the RSSI; it's looking for 0x00040044 instead (and the same applies to some of the other values). There is at least one capture where 0x00040044 is correct, but, in your capture, 0x00004041 is correct, and this header file seems to say 0x00004041 is correct.
That code should check for both values, which should fix your problem without breaking other capture files. I'll check in a fix for that, and schedule it for the next 1.6.x and 1.8.x release.
Did you try selecting the field (just like in the screenshot) and using the popup menu selecting "Apply as column"? It should do what you need.
answered 12 Oct '12, 14:12
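The check described in the first answer above (accept both 0x00040044 and 0x00004041 as the RSSI DID), as an added example that is not part of the original thread and is not Wireshark's code. It assumes the wlan-ng Prism header layout (144 bytes: a 24-byte preamble followed by ten 12-byte items) and reads the item data as a signed 32-bit value; `prism_rssi` and `build_sample` are hypothetical names and the sample headers are constructed.

```python
import struct

# RSSI DID values named in the thread: the one the dissector looked for and
# the one present in the asker's capture.
RSSI_DIDS = {0x00040044, 0x00004041}

PRISM_HDR_LEN = 144   # assumption: wlan-ng layout, 8 + 16 + 10 * 12 bytes
ITEM_OFFSET = 24      # items start after msgcode, msglen and devname[16]
ITEM_SIZE = 12
ITEM_FMT = "IHHi"     # did, status, len, data (assumption: data is signed)


def prism_rssi(header: bytes):
    """Return the RSSI item's data as a signed int, or None if no RSSI item."""
    if len(header) < PRISM_HDR_LEN:
        raise ValueError("truncated Prism header")
    # The header is written in the capturing host's byte order, so pick the
    # order in which the msglen field reads as 144.
    for order in ("<", ">"):
        if struct.unpack_from(order + "I", header, 4)[0] == PRISM_HDR_LEN:
            break
    else:
        raise ValueError("msglen is not 144 in either byte order")
    for off in range(ITEM_OFFSET, PRISM_HDR_LEN, ITEM_SIZE):
        did, _status, _length, data = struct.unpack_from(
            order + ITEM_FMT, header, off)
        if did in RSSI_DIDS:   # accept either DID instead of only one
            return data
    return None


def build_sample(rssi_did: int, rssi: int, order: str) -> bytes:
    """Constructed test header: RSSI in the fourth item, other items zeroed."""
    hdr = struct.pack(order + "II16s", 0, PRISM_HDR_LEN, b"prism0")
    empty = struct.pack(order + ITEM_FMT, 0, 0, 0, 0)
    item = struct.pack(order + ITEM_FMT, rssi_did, 0, 4, rssi)
    return hdr + empty * 3 + item + empty * 6


if __name__ == "__main__":
    for did in sorted(RSSI_DIDS):
        for order in ("<", ">"):
            sample = build_sample(did, -57, order)
            print(f"did=0x{did:08x} order={order!r} rssi={prism_rssi(sample)}")
```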