TShark command to decode WSMP?
What is the command to have tshark decode the WSMP portion of a packet?
I have a pcap file (sample available) that I can open with Wireshark. Wireshark shows the WSMP portion of the packet. (Image available showing this, but I don't have enough karma to upload it.)
But when I decode the packets using tshark, it only shows "Data" for that portion of the packet.
I've tried various combinations of the -d argument, but all the different combinations I've tried result in either the "unknown layer type" error or "Protocol "wsmp" isn't valid for layer type ..." for any of the layer types I've tried. So I haven't been able to find the right parameters.
Any tips, pointers, suggestions, ideas would be greatly appreciated.
Thanks!
Ken
Notes:
I think it should be possible to do this, because the output from:
tshark -G protocols | grep -i wsmp
shows:
Wave Short Message Protocol(IEEE P1609.3) WSMP wsmp
But, the following command:
tshark -r /mnt/e/work/work/TC2/SpatSample.pcap -2 -c 1 -V
Produces this output:
Frame 1: 366 bytes on wire (2928 bits), 366 bytes captured (2928 bits)
    Encapsulation type: IEEE 802.11 plus Prism II monitor mode radio header (21)
    Arrival Time: Oct 9, 2020 11:10:46.540759000 EDT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1602256246.540759000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 366 bytes (2928 bits)
    Capture Length: 366 bytes (2928 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: prism:wlan_radio:wlan:llc:data]
Prism capture header
    Message Code: 0x00000044
    Message Length: 144
    Device Name: wifi1vap0
    DID Host Time 719685155
        DID: Host Time (0x00010044)
        Status: Supplied (0)
        Length: 4
        Host Time: 719685155
    DID Mac Time 1508234676
        DID: Mac Time (0x00020044)
        Status: Supplied (0)
        Length: 4
        MAC timestamp (lower 32 bits): 1508234676
    DID Channel 172
        DID: Channel (0x00030044)
        Status: Supplied (0)
        Length: 4
        Channel: 172
    DID RSSI 0
        DID: RSSI (0x00040044)
        Status: Supplied (0)
        Length: 4
        RSSI: 0
    DID SQ 0x0
        DID: SQ (0x00050044)
        Status: Supplied (0)
        Length: 4
        Signal Quality: 0
    DID Signal 0x41
        DID: Signal (0x00060044)
        Status: Supplied (0)
        Length: 4
        Signal: 65
    DID Noise 0x0
        DID: Noise (0x00070044)
        Status: Supplied (0)
        Length: 4
        Noise: 0
    DID Rate 6.0 Mb/s
        DID: Rate (0x00080044)
        Status: Supplied (0)
        Length: 4
        Data rate (Mb/s): 6.0
    DID Is Tx 0x1
        DID: Is Tx (0x00090044)
        Status: Supplied (0)
        Length: 4
        IsTX: Tx Packet (0x00000001)
    DID Frame Length 53
        DID: Frame Length (0x000a0044)
        Status: Supplied (0)
        Length: 4
        Frame Length: 53
802.11 radio information
    Data rate: 6.0 Mb/s
    Channel: 172
    Signal strength (dBm): 0dBm
    TSF timestamp: 1508234676
    [Duration: 320µs]
        [Preamble: 20µs]
IEEE 802.11 Data, Flags: ........
    Type/Subtype: Data (0x0020)
    Frame Control Field: 0x0800
        .... ..00 = Version: 0
        .... 10.. = Type: Data frame (2)
        0000 .... = Subtype: 0
        Flags: 0x00
            .... ..00 = DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x0)
            .... .0.. = More Fragments: This is the last fragment
            .... 0... = Retry: Frame is not being retransmitted
            ...0 .... = PWR MGT: STA will stay up
            ..0. .... = More Data: No data buffered
            .0.. .... = Protected flag: Data is not protected
            0... .... = Order flag: Not strictly ordered
    .000 0000 0000 0000 = Duration: 0 microseconds
    Receiver address: Broadcast (ff:ff:ff:ff:ff:ff)
    Transmitter address: Arada_05:3b:02 (00:26:ad:05:3b:02)
    Destination address: Broadcast (ff:ff:ff:ff:ff:ff)
    Source address: Arada_05:3b:02 (00:26:ad:05:3b:02)
    BSS Id: Broadcast (ff:ff:ff:ff:ff:ff)
    .... .... .... 0000 = Fragment number: 0
    0000 0000 0000 .... = Sequence number: 0
Logical-Link Control
    DSAP: Unknown (0x88)
        1000 100. = SAP: Unknown
        .... ...0 = IG Bit: Individual
    SSAP: Unknown (0xdc)
        1101 110. = SAP: Unknown
        .... ...0 = CR Bit: Command
    Control field: U, func=Unknown (0x0B)
        000. 10.. = Command: Unknown (0x02)
        .... ..11 = Frame type: Unnumbered frame (0x3)
Data (195 bytes)
0000  03 0f 01 ac 04 01 97 10 01 0c 00 80 02 80 b4 03   ................
0010  81 00 40 03 80 4d 00 13 4a 00 18 00 24 ca 00 00   ..@..M..J...$...
0020  63 53 0b 53 a0 70 01 04 34 0d 86 8e e9 80 10 23   cS.S.p..4......#
0030  20 66 70 6b e8 00 c1 0d 03 43 e3 66 e0 08 08 68    fpk.....C.f...h
0040  1a 8a 1c 38 00 50 43 40 dd 18 f0 28 03 02 32 06   ...8.PC@...(..2.
0050  67 06 e4 00 1c 10 d0 34 de 37 9a 01 00 86 81 ad   g......4.7......
0060  e1 cd 20 50 01 82 00 01 e1 6e d1 57 06 65 00 00   .. P.....n.W.e..
0070  00 2a ff ff ff ad 00 d8 80 d3 7d 5e 8f 62 4c df   .*........}^.bL.
0080  01 80 83 05 67 64 69 71 d1 8c 77 3a e9 9c 9f a4   ....gdiq..w:....
0090  da 7b 0a 84 96 62 5e 49 cd 40 11 de 2c 6d 7e 2d   .{...b^I.@..,m~-
00a0  4f ac 33 3d 6c cb 13 43 b7 2e aa 81 d8 47 1f e1   O.3=l..C.....G..
00b0  28 27 eb ef 30 69 8c be fb 91 45 24 e5 90 06 a6   ('..0i....E$....
00c0  8b a9 68                                          ..h
    Data: 030f01ac04019710010c00800280b40381004003804d0013...
    [Length: 195]