Wireshark and pcap file


Amuri

Feb 15, 2015, 2:00:14 PM
to ns-3-...@googlegroups.com
Hi everyone:

I have a question regarding the data seen in Wireshark using the pcap file.

We generated 30 pcap files (which is the same number of nodes we have in the simulation) by adding the following line:

wifiPhy.EnablePcapAll (std::string ("aodv"));

where wifiPhy is a YansWifiPhyHelper class

The problem is that we are seeing only certain packets (only AODV, ex. RREQs, RREPs, RRERs, and ARPs) but we see no RTS, CTS, and UDP packets. UDP are data packets, and RTS and CTS are the MAC packets which are essential in IEEE 802.11b (the wifi model we are using).

Do we have to specify anything else in our EnablePcapAll function?

Thanks

Tommaso Pecorella

Feb 15, 2015, 2:12:16 PM
to ns-3-...@googlegroups.com
Hi,

no, you don't have to specify more.

The RTS/CTS may be either not sent (they're not sent for short packets). Moreover, I'm not sure that they're shown in the pcap file.
About the missing UDP packets... maybe they're not being sent? Make sure that the simulation is long enough and that the sender node does find a route to the destination.

Cheers,

T.

Amuri

Feb 15, 2015, 3:31:29 PM
to ns-3-...@googlegroups.com
Thanks TP

Raju Manthena

Feb 22, 2015, 2:08:45 PM
to ns-3-...@googlegroups.com
Hi Tommaso and other ns3 users,

Thanks for the reply. We have concluded after experimenting with the packet size that IEEE 802.11b in our case is not using any RTS/CTS since it's only an optional mechanism. We are also able to see the UDP packets too!

However, one question is that when I see the UDP packet sniffed, I see the origin and destination of the UDP packet. I do not see the immediate sender (intermediate and node).

For example, in our figure attached, you see node A sending a UDP packet to node C, but since they are too far apart it uses node B as an intermediate node. Node P (the analyzer) sees the UDP packet that node B is forwarding. In our Wireshark, when we filtered UDP packets, we only see the packet features as the originator (A) and intended receiver (C) but we do not see any information about where it came from (B). What packet filter do I use to see that? Since the UDP packet filter is not showing that.
QNS3.jpg

Tommaso Pecorella

Feb 22, 2015, 4:00:40 PM
to ns-3-...@googlegroups.com
Well, think about it.
UDP: nope, it's end-to-end (and its "IP" addresses are inherited from the IP header).
IP: nope, the IP address is not changed by intermediate nodes (with the exceptions of NATs, and NAT should be burned in hell).
The only thing remaining is the MAC header.
Check the MAC addresses.

T.

Raju Manthena

Feb 24, 2015, 9:25:27 PM
to ns-3-...@googlegroups.com
Dear Tommaso, and other ns3 users,

I have looked at the UDP and tried to trace the MAC address of the packet but couldn't find any way to do so. The UDP packet also has a header 64 bytes long. Since the UDP header only contains the IP addresses, which are the end-to-end addresses, we found no information on the MAC layer.

We have also seen all other packets that Wireshark has captured and couldn't find any packet that contains more than 128 bytes (since our UDP packet has a payload of 64 bytes and header of 64 bytes). The reason why we are looking for larger sized packets is because I want to capture the UDP packet that is traced before it reaches the top layer, and since before reaching the network layer the packet will have an additional MAC header which will contain the MAC addresses of the forwarding nodes, that packet should be more than 128 bytes.

However, the only MAC layer or other lower layer packets I see are ARPs, ACKs, and standard IEEE 802.11b, which have a much lower length than even 50 bytes.

Is there any particular type of MAC packet I should look for, or is there any way of finding the MAC address of where the UDP packet came from in Wireshark?

Thanks!

Please feel free anyone to comment if my reasoning is a little wrong.

Tommaso Pecorella

Feb 25, 2015, 1:54:25 AM
to ns-3-...@googlegroups.com
UDP header is 64 BITs, i.e., 8 bytes.
IP header is 20 bytes (usually)
The MAC header *must* be there (otherwise Wi-Fi wouldn't work). Look for the 802.11 header and you'll find the MAC address.
T.

Raju Manthena

Feb 28, 2015, 12:04:52 PM
to ns-3-...@googlegroups.com
Dear Tommaso,

Thank you very much for the helpful reply. We are analyzing packets and we are able to look at the IEEE 802.11 header, which gives what we are looking for.

I have another quick question. Will there be information in a UDP packet header (header could be UDP, IP, or any other thing) which tells us the hop count (or the number of nodes the packet anticipates to go through before reaching the final destination)? I tried to look at this on the internet; there is no clear answer, though.

(if no such information exists, no worries we will work our way around it)

Thanks!

Tommaso Pecorella

Feb 28, 2015, 12:29:37 PM
to ns-3-...@googlegroups.com
Hi,

no, you cannot know in advance the number of hops the packet will do. It may vary from packet to packet, and even after a few received packets, only a rough estimate may be calculated.
The hop number in the IP header is only there to prevent packets going into infinite loops. Consider it as a failsafe counter, nothing less, nothing more.
However, if the receiver knows what was the hop count that the sender placed in the IP header, then it may calculate how many hops the received packet did. It's the past, though, not the future, and a packet going backward from the receiver to the sender may experience a different number of hops.
 
Cheers,

T.
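
Added example, not code from this thread or from ns-3: a Python parser that walks one captured frame through the layers discussed above (802.11 header, LLC/SNAP, 20-byte IP header, 8-byte UDP header), reading the relay's MAC address from the 802.11 header and the hops already travelled from the TTL. It assumes the pcap stores raw 802.11 frames with no radiotap header; the sample frame, its addresses and ports, and the sender's initial TTL of 64 are constructed for illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip4(b):
    return ".".join(str(x) for x in b)

def parse_80211_udp(frame, initial_ttl=64):
    """Parse a raw 802.11 data frame; initial_ttl is an assumed sender value."""
    fc = struct.unpack_from("<H", frame, 0)[0]       # frame control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 2:
        raise ValueError("not an 802.11 data frame")
    hdr_len = 24                                     # FC, duration, addr1-3, seq ctl
    if (fc & 0x0300) == 0x0300:
        hdr_len += 6                                 # addr4 when ToDS and FromDS set
    if subtype & 0x8:
        hdr_len += 2                                 # QoS control field
    llc = frame[hdr_len:hdr_len + 8]
    if llc[:3] != b"\xaa\xaa\x03" or llc[6:8] != b"\x08\x00":
        raise ValueError("payload is not LLC/SNAP-encapsulated IPv4")
    ip = hdr_len + 8
    ihl = (frame[ip] & 0x0F) * 4                     # IPv4 header length in bytes
    ttl, proto = frame[ip + 8], frame[ip + 9]
    if proto != 17:
        raise ValueError("not UDP")
    _sport, _dport, ulen = struct.unpack_from("!HHH", frame, ip + ihl)
    return {
        "receiver_mac": mac(frame[4:10]),            # addr1: next hop on the air
        "transmitter_mac": mac(frame[10:16]),        # addr2: node that sent this frame
        "ip_src": ip4(frame[ip + 12:ip + 16]),       # end-to-end, unchanged by relays
        "ip_dst": ip4(frame[ip + 16:ip + 20]),
        "ttl": ttl,
        "hops_so_far": initial_ttl - ttl,            # routers already traversed
        "udp_payload_len": ulen - 8,                 # UDP length includes its header
    }

def build_sample():
    """Constructed frame: relay B (..:02) forwards A's 64-byte datagram to C (..:03)."""
    dot11 = bytes.fromhex("08000000" "000000000003" "000000000002" "020000000000" "0000")
    llc = bytes.fromhex("aaaa030000000800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 92, 0, 0, 63, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 3]))
    udp = struct.pack("!HHHH", 49153, 9, 72, 0)
    return dot11 + llc + ip + udp + bytes(64)

if __name__ == "__main__":
    print(parse_80211_udp(build_sample()))
```

In Wireshark the same fields are available as `wlan.ta`, `wlan.ra` and `ip.ttl`, so they can be used in a display filter or added as columns.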