Hi All,
I am currently making some changes to some automation software that
uses tshark's output. My development has been primarily in a Linux
environment and is tied to wireless LANs. I have noticed that tshark's
default output is different between a Windows and a Linux machine, and
essentially I am hoping to get the nice "Flags" bitmap that appears in
Linux to appear in Windows.
For example, currently I am using:
tshark -r (filename) -z proto,colinfo,frame.len,frame.len -z proto,colinfo,wlan.bssid,wlan.bssid
Here is the corresponding tshark output:
(Linux)
34659 372.477882 OUI_05:02:a9 -> OUI_34:cb:0e IEEE 802.11 Data, SN=285, FN=0, Flags=.p.....TC wlan.bssid == 00:00:00:79:37:70 frame.len == 408
(Windows)
34659 372.477882 OUI_05:02:a9 -> OUI_34:cb:0e IEEE 802.11 Data,SN=285,FN=0 wlan.bssid == 00:15:70:79:37:70 frame.len == 408
I have emboldened the flags section I am referring to, which is present
under Linux's tshark output, but not under Windows' tshark output.
I've been using the -z options to extract and append various other
values (such as bssid, and frame length) to tshark's default output,
however doing this to wlan.flags yields a hex value. This is not the
end of the world, as I can bitmask the values out that I want, however
tshark also includes a C flag (this is not part of wlan.flags) to tell
you if the frame has a valid CRC.
If anyone knows how to get the Windows version of tshark to display the
flags in the format the Linux one does (that nice bitmap + CRC bit) please
let me know. The man page doesn't seem to go into the level of detail I
want here, but I'll keep reading and researching in the meantime to
attempt to figure this out.
Thanks!
--
Anthony
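
Added example (not part of the original post, and not tshark's own code): one way to rebuild the Flags bitmap from the hex wlan.flags value that -z proto,colinfo appends, using the IEEE 802.11 Frame Control flag bits. The letter order is an assumption matched to the ".p.....TC" sample above, the input line is constructed, and the CRC result is passed in as a boolean because it is not part of wlan.flags.

```python
import re

# IEEE 802.11 Frame Control flag bits, listed in the order the bitmap shows
# them (left to right). Letter order is an assumption matched to the
# ".p.....TC" sample in the post above.
FLAG_LETTERS = [
    (0x80, "o"),  # Order
    (0x40, "p"),  # Protected frame
    (0x20, "m"),  # More data
    (0x10, "P"),  # Power management
    (0x08, "R"),  # Retry
    (0x04, "M"),  # More fragments
    (0x02, "F"),  # From DS
    (0x01, "T"),  # To DS
]

# Matches the "field == value" text appended by -z proto,colinfo,wlan.flags,wlan.flags
FLAGS_FIELD = re.compile(r"wlan\.flags == 0x([0-9a-fA-F]+)")

# Constructed sample line in the style of the Windows output in the post.
SAMPLE = ("34659 372.477882 OUI_05:02:a9 -> OUI_34:cb:0e IEEE 802.11 "
          "Data,SN=285,FN=0 wlan.flags == 0x41 frame.len == 408")


def flags_bitmap(flags, fcs_ok):
    """Return the 9-character bitmap: 8 flag letters plus the trailing CRC 'C'."""
    if not 0 <= flags <= 0xFF:
        raise ValueError("wlan.flags is a single byte, got %#x" % flags)
    letters = "".join(ch if flags & bit else "." for bit, ch in FLAG_LETTERS)
    return letters + ("C" if fcs_ok else ".")


def add_flags_column(line, fcs_ok):
    """Replace 'wlan.flags == 0xNN' in a tshark line with 'Flags=<bitmap>'."""
    match = FLAGS_FIELD.search(line)
    if match is None:
        return line  # no wlan.flags column on this line; leave it untouched
    bitmap = flags_bitmap(int(match.group(1), 16), fcs_ok)
    return line[:match.start()] + "Flags=" + bitmap + line[match.end():]


if __name__ == "__main__":
    print(add_flags_column(SAMPLE, fcs_ok=True))
```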