I need to implement .pcap parser for QoS values analyzing.
The problem is to open .pcap-file (generated by Wireshark or tcpdump) and extract QoS Control value (if available) from each package.
I know that QoS Control located inside IEEE 802.11 QoS Data layer (it's available through Wireshark), but I have no idea how to extract this parameter from my script.
I've tried to use:
1. Python + dpkt
2. C# + sharppcap
and I've got data from IP and TCP layers, but without any data about QoS.
Probably, I need to explore raw .pcap and look for QoS data without any parsers, but maybe it's available another way?
Asked
Active
Viewed 573 times
1
olpo.graphy
- 405
- 8
- 17
1 Answers
1
Using the tshark command (part of Wireshark), you can extract one or more fields in text format. Example command:
tshark -r some.pcap -Tfields -e wlan.qos
You can find the wlan.qos field at https://www.wireshark.org/docs/dfref/w/wlan.html. To find the field name for fields you see in Wireshark, select the field and look in the status bar for the name and description.
Lekensteyn
- 64,486
- 22
- 159
- 192
-
Thanks, really helpful! – olpo.graphy Nov 29 '16 at 00:25