How to use tcpdump to retrieve mcs index

Question

I am trying to figure out how to use tcpdump to find the mcs index for packets. I have gotten as far as figuring out that I need to be extracting something from the radiotap header (I am on a mac so I should have access to this). I have gotten as far as:

tcpdump -i en1 -I -y ieee802_11_radio

I am also open to using something like tshark. With tshark I have gotten as far as:

tshark -i en1 -Y radiotap.mcs.index -I

I do not know where to go from here or if this might be giving me what I need without me knowing it. This might just be a question about deciphering the output, but I am not really sure. I have done a lot of searching but have not found a lot of explicit documentation.

Answer 1

Tcpdump doesn't currently extract the 11n or 11ac information from a radiotap header, so you can't get the MCS index with it. This is a bug; I'll fix it.

The TShark command you would want would be something such as

tshark -i en0 -I -Y radiotap.mcs.index -T fields -e radiotap.mcs.index

-Y radiotap.mcs.index means "discard packets that don't have radiotap.mcs.index"; -T fields -e radiotap.mcs.index means "print the value of radiotap.mcs.index if it's present in the packet" (it prints a blank line if it's not present in the packet, which is why you also use the -Y flag).