How to capture WLAN Frames? #CWAP8

This blog post will focus on tools I’ve used for performing wireless frame captures. I’ve been largely dependent on a MacBook for capturing wireless frames. I would highly suggest sourcing a MacBook for frame capture, as the Windows PC option involves getting a third-party WLAN pcap, which is not cheap. Thank you, Apple, for making it possible to capture frames natively on Mac.

The Hardware

  • MacBook Pro

Other Utilities Required/Recommended.

  • Wireshark is available as a free download. It is highly recommended to optimize it using the wireless configuration profiles available at MetaGeek. This is our primary tool for capturing and analyzing frames.

It is recommended to add the Absolute Time, Relative Time and Delta Time columns in Wireshark, as they are important when analyzing wireless frames. In roaming scenarios, one may need to measure the time it took for a client to move from one AP to another.

  • Airtool is also available for free. This tool is not mandatory but good to have. Since it is free, why not? It captures frames in a few mouse clicks and makes it easy to move them into Wireshark or an online tool (Packets) for analysis.
  • Packets (Arista) – Phenomenal tool for analyzing frames. It gives a bird's-eye view of the various frame types in the wireless environment, management retries, problem clients, etc. A free account is available for up to 100MB of pcap (more than sufficient for your CWAP studies).
  • WiFi Explorer – Highly recommended if you can purchase it; the professional version costs around $20 USD. It can really help with WLAN discovery and with identifying the metrics of the environment.
  • If you own an iPhone or iPad, you can configure Wi-Fi Diagnostics on the device. Thanks to George Stefanick for explaining it so nicely.
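
To show why the three Wireshark time columns mentioned above matter for roaming analysis, here is an added example (not part of the original post) that derives absolute, relative and delta times and a roam duration from exported frame records. The sample frames, the tab-separated layout, the helper names and the definition of roam time are all assumptions made for illustration.

```python
from decimal import Decimal

REASSOC_REQ, REASSOC_RESP = 0x02, 0x03  # 802.11 management frame subtypes

# Constructed sample (not from a real capture). Assumed tab-separated layout:
# epoch time, frame type/subtype, source, destination, BSSID.
SAMPLE = """\
1700000000.000000\t0x0028\taa:aa:aa:00:00:01\t02:00:00:00:00:a1\t02:00:00:00:00:a1
1700000000.012500\t0x0028\taa:aa:aa:00:00:01\t02:00:00:00:00:a1\t02:00:00:00:00:a1
1700000000.043000\t0x0002\taa:aa:aa:00:00:01\t02:00:00:00:00:b2\t02:00:00:00:00:b2
1700000000.045250\t0x0003\t02:00:00:00:00:b2\taa:aa:aa:00:00:01\t02:00:00:00:00:b2
1700000000.061000\t0x0028\taa:aa:aa:00:00:01\t02:00:00:00:00:b2\t02:00:00:00:00:b2
"""

def parse(text):
    """Turn the exported lines into dicts; Decimal keeps microseconds exact."""
    frames = []
    for line in text.splitlines():
        if line.strip():
            ts, subtype, sa, da, bssid = line.split("\t")
            frames.append({"ts": Decimal(ts), "subtype": int(subtype, 16),
                           "sa": sa, "da": da, "bssid": bssid})
    return frames

def time_columns(frames):
    """Per frame: (absolute, relative to first frame, delta from previous frame)."""
    rows = []
    for i, f in enumerate(frames):
        prev = frames[i - 1]["ts"] if i else f["ts"]
        rows.append((f["ts"], f["ts"] - frames[0]["ts"], f["ts"] - prev))
    return rows

def roam_times(frames, client):
    """(old BSSID, new BSSID, seconds) per roam, measured from the client's last
    frame on the old BSSID to the Reassociation Response from the new one.
    That definition is an assumption; the response status code is not checked."""
    roams, current, last_ts, pending = [], None, None, None
    for f in frames:
        if f["sa"] == client:
            if f["subtype"] == REASSOC_REQ and current and f["bssid"] != current:
                pending = (current, f["bssid"], last_ts)
            else:
                current, last_ts = f["bssid"], f["ts"]
        elif (f["da"] == client and f["subtype"] == REASSOC_RESP
              and pending and f["bssid"] == pending[1]):
            roams.append((pending[0], pending[1], f["ts"] - pending[2]))
            current, last_ts, pending = f["bssid"], f["ts"], None
    return roams
```

Calling `roam_times(parse(SAMPLE), "aa:aa:aa:00:00:01")` reports one roam for the constructed client, and `time_columns` gives the same three values per frame that the Wireshark columns display.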