I need to implement .pcap parser for QoS values analyzing.
The problem is to open .pcap-file (generated by Wireshark or tcpdump) and extract QoS Control value (if available) from each package.
I know that QoS Control located inside IEEE 802.11 QoS Data layer (it's available through Wireshark), but I have no idea how to extract this parameter from my script.
I've tried to use:
1. Python + dpkt
2. C# + sharppcap
and I've got data from IP and TCP layers, but without any data about QoS.
Probably, I need to explore raw .pcap and look for QoS data without any parsers, but maybe it's available another way?
Using the tshark command (part of Wireshark), you can extract one or more fields in text format. Example command:
tshark -r some.pcap -Tfields -e wlan.qos
You can find the wlan.qos field at https://www.wireshark.org/docs/dfref/w/wlan.html. To find the field name for fields you see in Wireshark, select the field and look in the status bar for the name and description.