I have one question, I have installed Wireshark 2.2.4 on Ubuntu. I have captured packets with MCS 9, QAM 256, 802.11 AC in 5 GHz. In the main Window of Wireshark the data rate are not displayed, also it isn't possible when I will filter on I/O-graph this device with wlan_radio.data_rate.
With best regards
asked 09 Feb, 05:28
So the problem is how the Data rate is being defined by Wireshark for 11ac devices.
Therefore, the VHT (11ac) rates are not being displayed under the typical data rate.
To view the 11ac data rates, you can create a Custom Column field:
The new column should be displayed.
answered 09 Feb, 10:41
Note sure why wlan_radio.data_rate is not working on the I/O graph for Ubuntu.
For post analysis, I prefer to use Tshark commands and convert the information into a CSV file. From there, I can make graphs and do whatever I need.
For example: tshark -r c:\temp\test.pcap >c:\temp\test1.csv -T fields -e frame.number -e wlan_radio.data_rate -e frame.time_relative -E header=y -E separator=,
This command will export a CSV file with 3 columns: Frame number, Data rate and Relative time. Then I can plot the frame number on the X-axis and Data Rate on Y-axis to get the following graph:
The above graph has all frames (data, control and management). If I filter only the Data frames (QoS Data included) and then perform the same analysis, I get:
Now that shows that most of the data rate is around 200Mbps with a spike of 360Mbps. But there are some very low rates of 6Mbps. Most of these are EAP exchanges (assuming rekeying here) but a few are Data frames.
Hope that helps
answered 10 Feb, 13:14
You need to complete the Y-axis and Y-field areas:
The Y-axis must be selected as Max, Min or Average. Then the Y-field would be wlan_radio.data_rate
As for the differences between radiotap.vht.datarate.x, I am not sure. I was only able to find the following documents: https://www.wireshark.org/docs/dfref/r/radiotap.html https://raw.githubusercontent.com/boundary/wireshark/master/epan/dissectors/packet-ieee80211-radiotap.c
Neither provide a very descriptive explanation. But looking at the Git hub repository, it "appears" that the difference is the number of spatial streams supported by the device??
datarate.0 = 1SS
datarate.1 = 2SS
answered 17 Feb, 07:07