From a98a255147cf2cff662f7e31343f0e792adb8a85 Mon Sep 17 00:00:00 2001
From: Robert McMahon <rjmcmahon@rjmcmahon.com>
Date: Fri, 13 Feb 2026 13:50:00 -0800
Subject: [PATCH] Add PLCP header counting to test_monitor_tshark.sh

- Add radiotap.present field to capture output
- Count packets with PLCP headers (radiotap information)
- Display PLCP count in both test capture and final summary
- Show warning if no PLCP headers detected (may indicate wrong DLT)

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 test_monitor_tshark.sh | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/test_monitor_tshark.sh b/test_monitor_tshark.sh
index 32cf0ba..6b7f8ac 100755
--- a/test_monitor_tshark.sh
+++ b/test_monitor_tshark.sh
@@ -80,10 +80,16 @@ iw dev "$INTERFACE" info | grep -E "(type|channel)" || echo "Could not verify"
 # Check DLT with tshark (capture for 1 second)
 echo ""
 echo "Checking Data Link Type (1 second test capture)..."
-TEST_OUTPUT=$(timeout 1 tshark -i "$INTERFACE" -T fields -e frame.number 2>&1)
-PACKET_COUNT=$(echo "$TEST_OUTPUT" | grep -E '^[0-9]+$' | wc -l || echo "0")
+TEST_OUTPUT=$(timeout 1 tshark -i "$INTERFACE" -T fields -e frame.number -e radiotap.present 2>&1)
+PACKET_COUNT=$(echo "$TEST_OUTPUT" | grep -E '^[0-9]+' | wc -l || echo "0")
+PLCP_COUNT=$(echo "$TEST_OUTPUT" | grep -E '^[0-9]+.*[0-9]' | wc -l || echo "0")
 echo "$TEST_OUTPUT" | tail -5 || true
 echo "Captured $PACKET_COUNT packet(s) in 1 second"
+if [ "$PLCP_COUNT" -gt 0 ]; then
+    echo "PLCP headers: $PLCP_COUNT (radiotap present)"
+else
+    echo "PLCP headers: 0 (no radiotap headers detected)"
+fi
 
 echo ""
 echo "=== Starting tshark capture ($DURATION seconds) ==="
@@ -99,6 +105,7 @@ CAPTURE_OUTPUT=$(timeout "$DURATION" tshark -i "$INTERFACE" -n -T fields \
     -e wlan.fc.type \
     -e wlan.fc.subtype \
     -e wlan.fc.type_subtype \
+    -e radiotap.present \
     2>&1)
 
 # Display first 50 lines of output
@@ -107,12 +114,22 @@ echo "$CAPTURE_OUTPUT" | head -50
 # Count total packets captured
 FINAL_COUNT=$(echo "$CAPTURE_OUTPUT" | grep -E '^[0-9]+' | wc -l || echo "0")
 
+# Count packets with PLCP headers (radiotap present)
+# radiotap.present field is the 8th field (after frame.number, frame.time, wlan.sa, wlan.da, wlan.fc.type, wlan.fc.subtype, wlan.fc.type_subtype)
+PLCP_COUNT=$(echo "$CAPTURE_OUTPUT" | awk -F'\t' 'NF >= 8 && $8 != "" && $8 != "0" && $8 != "-" {count++} END {print count+0}' || echo "0")
+
 echo ""
 echo "=== Capture complete ==="
 echo "Total packets captured: $FINAL_COUNT"
+echo "PLCP headers: $PLCP_COUNT"
 echo ""
 if [ "$FINAL_COUNT" -gt 0 ]; then
     echo "✓ Monitor mode is working! Captured $FINAL_COUNT packet(s)"
+    if [ "$PLCP_COUNT" -gt 0 ]; then
+        echo "✓ PLCP headers detected: $PLCP_COUNT packet(s) with radiotap information"
+    else
+        echo "⚠ No PLCP headers detected (may be using DLT_IEEE802_11 instead of DLT_IEEE802_11_RADIO)"
+    fi
 else
     echo "✗ No packets captured. Check:"
     echo "  1. Is there WiFi traffic on channel $CHANNEL?"