As part of my PhD-study, I was asked to count the number of lost ACK frames on a wifi link. I accomplished this by running tcpdump on one of my two routers (setup for IBSS) in the following steps…
First I setup netcat on my laptop to retrieve the tcpdump-data:
nc -l 6789 > dump.pcap
Then create a monitor interface on the receiving router and start tcpdump:
# Create a monitor interface
iw phy0 interface add mon0 type monitor flags none
ip link set dev mon0 up
# Make tcpdump capture frame destined to the router and pipe to my laptop:laptop_ip="172.26.72.81"router_mac=$(cat /sys/class/net/wlan0/address)
tcpdump -i mon0 -w - -s 128 wlan type data and ether dst $router_mac| nc $laptop_ip 6789
Now generate some data to the router. I used iperf in UDP mode, but make sure the rate is not too high, as tcpdump might drop frames. Once you feel that enough data is captured, stop tcpdump on the router.
On my laptop, I now have dump.pcap. To parse it I used this script:
When calling the script it will produce the following output:
data frames: 908
This shows that the router received 908 frames, of which 116 was marked as retries by the sender. And out of these 116 retries, 26 frames was already received by the router, which indicates a lost ACK at the sender.