I have an xyz.pcap file generated by the tcpdump utility, in which I have captured packets from my Linksys WRT54G router. While capturing, the router was in monitor mode, which means a Prism header was appended to it.

Now when I open this .pcap file in my Wireshark 1.8.2, under the Prism capture header it shows me:

  • Message Code: 65
  • Message Length: 144
  • Device Name: eth1
  • DID Unknown 1041
  • DID Unknown 2041
  • DID Unknown 3041
  • DID Unknown 4041
  • DID Unknown 5041
  • DID Unknown 6041
  • DID Unknown 7041
  • DID Unknown 8041
  • DID Unknown 9041
  • DID Unknown a041

I want to see the RSSI from this data. I have a vague idea that it could be in 4041, but I am not sure. Once I get the RSSI, I have my C program ready to use it through the prism_header structure.

So where is the RSSI value in this packet data?

Jango
  • When I looked in Wireshark under DID Unknown 4041, its status was: Not Supplied (0), but the header structure given at http://home.martin.cc/linux/prism says that status 0 indicates that the parameter is supplied by the driver. So which one should I consider reliable? – Jango Mar 20 '14 at 12:29

1 Answer

Try running a newer version of Wireshark than 1.8.2; the latest version is 1.10.6, and the latest 1.8 version is 1.8.13. It turns out that the Prism header format has two different types of DID values, and Wireshark needed to be changed to handle that; that change isn't in 1.8.2, as 1.8.2 came out before the change was made.

(If the version of Wireshark you're using was a package provided with a Linux distribution or *BSD, this might require that you either upgrade your OS to a version with a later version of Wireshark, find a package of Wireshark other than the one in your vendor's repository of packages, or build it yourself from source.)

  • I installed 1.10.6 and now all the prism header structures are visible and showing data. – Jango Mar 21 '14 at 05:35
  • All I can see in RSSI is values like -80, -67, -78 etc. I believe that they represent dBm values. I need to know: if I am using a C structure, i.e. struct prism_header, and using its RSSI structure to access the value of RSSI, its data type is u_int_32. So how can I convert this value to its equivalent value in dBm? – Jango Mar 21 '14 at 05:45
  • Also, my device is a Linksys WRT54G router; it's a Cisco device, so I guess the RSSI_Max value would be 100. – Jango Mar 21 '14 at 06:12
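
An added example, not code from the question or the answer: a bounds-checked C routine that locates the RSSI item in a 144-byte Prism header under either DID family and reads its 32-bit data word as a signed value, which is how figures like -80 come out of an unsigned field. Assumptions: each item is laid out as did (32 bits), status (16), len (16), data (32); `0x00040044` is the RSSI DID of the second family; the function names are hypothetical; the status field is left uninterpreted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PRISM_LEN 144u          /* 8 + 16-byte name + 10 items * 12; "Message Length: 144" */
#define DID_RSSI_A 0x00004041u  /* the "DID Unknown 4041" item from the question */
#define DID_RSSI_B 0x00040044u  /* other DID family; value assumed, not from the page */

static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}
static void wr32(uint8_t *p, uint32_t v, int be) {
    for (int i = 0; i < 4; i++)
        p[be ? 3 - i : i] = (uint8_t)(v >> (8 * i));
}

/* 0 on success with *rssi set; -1 if the buffer is short, malformed or has no RSSI item. */
int prism_rssi(const uint8_t *buf, size_t len, int32_t *rssi) {
    if (!buf || !rssi || len < PRISM_LEN) return -1;
    /* The header is in the capturing host's byte order; detect it from msglen. */
    int be = rd32(buf + 4, 1) == PRISM_LEN;
    if (!be && rd32(buf + 4, 0) != PRISM_LEN) return -1;
    for (size_t off = 24; off + 12 <= PRISM_LEN; off += 12) {  /* did, status, len, data */
        uint32_t did = rd32(buf + off, be);
        if (did != DID_RSSI_A && did != DID_RSSI_B) continue;
        uint32_t raw = rd32(buf + off + 8, be);
        memcpy(rssi, &raw, sizeof raw);   /* same 32 bits read as two's complement */
        return 0;
    }
    return -1;
}

/* Constructed sample: a header with only the RSSI item (4th slot) filled in. */
void sample_header(uint8_t *buf, uint32_t did, int32_t rssi, int be) {
    memset(buf, 0, PRISM_LEN);
    wr32(buf, 0x41, be);                  /* Message Code: 65 */
    wr32(buf + 4, PRISM_LEN, be);
    memcpy(buf + 8, "eth1", 4);
    wr32(buf + 24 + 3 * 12, did, be);
    wr32(buf + 24 + 3 * 12 + 8, (uint32_t)rssi, be);
}

int main(void) {
    uint8_t pkt[PRISM_LEN]; int32_t rssi;
    sample_header(pkt, DID_RSSI_A, -80, 0);
    if (prism_rssi(pkt, sizeof pkt, &rssi) == 0) printf("RSSI = %d\n", (int)rssi);
    return 0;
}
```

Whether the signed number is dBm or a driver-specific scale depends on the capturing driver; the routine only recovers the value as stored.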