Radiotap Layer

[GoogleCodeExporter]

It would be nice to have a Radiotap decoder. See http://www.radiotap.org/.

I'll try to give this a shot over the weekend.

Original issue reported on code.google.com by attilaolah on 25 Jun 2014 at 10:20

[GoogleCodeExporter]

Nevermind, I see now there is https://github.com/dutchcoders/gopacket-80211.

Feel free to close this. Sorry for the noise.

Original comment by attilaolah on 25 Jun 2014 at 10:21

[GoogleCodeExporter]

Still it would be nice to have this in gopacket, the gopacket-80211 package 
seriously lacks code quality

Original comment by lukas.l...@gmail.com on 25 Jun 2014 at 2:42

[GoogleCodeExporter]

It does. You can't even use it out of the box, since it's all a big "package 
main".

It is licensed MIT, so maybe it is worth porting it? After a `gofmt` and some 
automatic renaming, it doesn't look that bad.

Original comment by attilaolah on 25 Jun 2014 at 2:56

[GoogleCodeExporter]

Hey, all,

Just so you're aware, we're nearing completion of a full 802.11 set of 
decoders, including RadioTap.  See branch 'remco'.  We hope to have it moved 
into master by the end of the week.

I'll leave this open for now.

Also, any comments on the 'remco' branch code greatly appreciated.

Original comment by gconnell@google.com on 25 Jun 2014 at 3:28

[GoogleCodeExporter]

That's some great news!

However, I'd like to point out that it is "Radiotap", not "RadioTap" (although 
the latter does read better imo). See http://www.radiotap.org/.

Original comment by attilaolah on 25 Jun 2014 at 3:30

[GoogleCodeExporter]

Pushed to master, tag v1.1.4

Original comment by gconnell@google.com on 25 Jun 2014 at 9:36

• Changed state: Fixed

[GoogleCodeExporter]

Awesome! However, I've tried running this:

go get -u code.google.com/p/gopacket
cd $GOPATH/src/code.google.com/p/gopacket/examples/pcapdump
go build
./pcapdump -r=$HOME/packets-with-radiotap-header.pcapng

And the result I'm getting is:

PACKET: 838 bytes, wire length 838 cap length 838 @ 2014-06-20 21:57:37.651092 
+0200 CEST
- Layer 1 (14 bytes) = Ethernet {Contents=[...] Payload=[...] 
SrcMAC=00:00:10:48:71:09 DstMAC=00:00:12:00:2e:48 
EthernetType=UnknownEthernetType(49152) Length=0}
- Layer 2 (824 bytes) = DecodeFailure   Packet decoding error: Unable to decode 
ethernet type 49152
…

Is there something special I need to do to enable the Radiotap decoder?

Original comment by attilaolah on 26 Jun 2014 at 10:44

[GoogleCodeExporter]

Here is an example packet, as seen in Wireshark.

As you can see, the outermost layer is the Radiotap layer, while `pcapdump` 
decodes each packet as Ethernet.

Original comment by attilaolah on 26 Jun 2014 at 10:49

Attachments:

• wireshark-example.png

[GoogleCodeExporter]

Hey, attilaolah,

Since Radiotap is a top-level decoder, you'll need to pass it into whatever 
decodes your first layer.  For most people, that probably means passing 
layers.LinkTypeIEEE80211Radio into gopacket.NewPacketSource.

Note that if you're reading a PCAP file, you should be able to pass 
handle.LinkType() into gopacket.NewPacketSource(), and it should automatically 
detect that the file is radiotap stuff.  You can test this out with mesh.pcap 
from http://wiki.wireshark.org/SampleCaptures

Let me know if you continue to experience problems with this, and we can 
investigate further.

Original comment by gconnell@google.com on 26 Jun 2014 at 3:45