This site was migrated to a new server on Friday, April 28. If you run into any problems, please open a bug

OSQA is unmaintained. Help us figure out where to go from here.

Hello everybody,

I am trying to analyze the up-link Wireless traffic generated by my Sony Ericsson phone and captured by my D-Link router, on which I installed the DD-WRT firmware. To do this, first I log in the router and enable the prism0 interface by typing the command:

wl -i eth1 monitor 1

and then I start to capture the packets by typing:

tcpdump -i prism0 ether src xx:xx:xx:xx:xx:xx -s0 -w /tmp/smbshare/sony_ericsson_test.pcap

where xx:xx:xx:xx:xx:xx is the MAC address of my Sony Ericsson phone. After a while I transfer the sony_ericsson_test.pcap file to my computer and open it with Wireshark program. The RSSI values for each packet are present under "Prism capture header" -> "DID unknown 4041" as displayed in the attached image:

alt text

in this case the RSSI value for this packet is: 0xfffffffc7.

Is there a way to filter these values and inflate them into the column "Power"?

I tried already to do the following procedure but without success: Edit -> Preferences... -> Columns -> Press "Add" button -> As "Field type" I choose "IEEE 802.11 RSSI" and finally I choose name "Power" and click on "Apply" button.

Thanks in advance for the help!


asked 12 Oct '12, 06:21

Giovanni%20Soldi's gravatar image

Giovanni Soldi
accept rate: 0%

The current code that analyzes Prism radio headers is not treating 0x00004041 as the DID value for the RSSI, it's looking for 0x00040044 instead (and the same applies to some of the other values). There is at least one capture where 0x00040044 is correct, but, in your capture, 0x00004041 is correct, and this header file seems to say 0x00004041 is correct.

That code should check for both values, which should fix your problem without breaking other capture files. I'll check in a fix for that, and schedule it for the next 1.6.x and 1.8.x release.

permanent link

answered 12 Oct '12, 18:07

Guy%20Harris's gravatar image

Guy Harris ♦♦
accept rate: 19%

edited 12 Oct '12, 18:29

Thanks for the answer! Great! Do you know already when the next release will be ready with this fix?

(13 Oct '12, 15:35) Giovanni Soldi

According to the development roadmap, the next 1.8.x and 1.6.x releases aren't scheduled yet, as of 2012-10-13.

(13 Oct '12, 15:44) Guy Harris ♦♦

After Guy has committed the change you'll be able to pick up a nightly build from the automated build area, or build yourself from trunk, but beware that both these options are on the bleeding edge of Wireshark development.

(14 Oct '12, 01:40) grahamb ♦

Okay! I'll try it that release then! I just need to use Wireshark to read the pcap files and export the data into MATLAB but I need to be able to read the RSSI values. Where can I monitor the commits history so that I don't continue to bother you on when it's fixed? Or, can you just simply write me here when it's ready? Thanks you very much!

(15 Oct '12, 04:27) Giovanni Soldi

Way cool! I picked up this version Wireshark 1.9.0-SVN-45556 PPC 32.dmg and it seems to work perfectly. Thanks a lot! :)

(15 Oct '12, 04:35) Giovanni Soldi

Glad to be of help. If your question has been answered can you mark the question as such by clicking the checkmark icon next to the answer?

(15 Oct '12, 04:44) grahamb ♦

Hi! I have another question! After I get displayed RSSI values into the column I try to export my data into CSV format but the RSSI values don't show up in the output file. Probably, it hasn't been fixed yet, right? Would it be possible to include this fix in the next nightly build? Thanks again for the help!

(16 Oct '12, 06:29) Giovanni Soldi
showing 5 of 7 show 2 more comments

Did you try selecting the field (just like in the screenshot) and using the popup menu selecting "Apply as column"? It should do what you need.

permanent link

answered 12 Oct '12, 14:12

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

Thanks for the answer! I tried but I get also all the other DID unknown fields into the column.

(13 Oct '12, 15:26) Giovanni Soldi
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 12 Oct '12, 06:21

question was seen: 3,214 times

last updated: 16 Oct '12, 06:29

p​o​w​e​r​e​d by O​S​Q​A