
Revision history

initial version

If you only need your network with your AP, most APs today have two radios, one 2.4 GHz and one 5 GHz (high-end ones sometimes have three radios). This would require two wireless radios, so two wireless adapters. A single MacBook will be tough; it has one radio that works great, but only one (two MacBooks would do nicely...). Windows is tough, in general, for wireless sniffing, so that is not an attractive choice. Linux would be a good choice, as you can use many WiFi adapters at the same time, either some form of newer PCI (miniPCIe, M.2, etc.) or USB, or a mix of both.

With each adapter configured for the specific channel and modulations, have Wireshark capture on both adapters at the same time; shift + mouse select usually works on the current version of Wireshark under Capture --> Options --> Input to select multiple interfaces.

For CLI use, dumpcap is useful as you can pass multiple interface options. A simple example:

dumpcap -i wlan1 -i wlan6 -i wlan11 -s 0 -g -w somefile.pcap

tcpdump does not seem to support multiple adapters at the same time. Omnipeek, a commercial packet capture alternative that is very much not free, can handle multiple interfaces as well.

Exactly which adapters to use and how to configure them for monitor mode depends entirely on what platform you choose and the specific traffic you need to capture.
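
The per-adapter setup plus the single multi-interface dumpcap call described above, as an added example that is not part of the original answer. It assumes Linux with iproute2 and `iw`; `plan_capture` is a hypothetical helper, and the interface names and channels are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes Linux with iproute2,
# iw and dumpcap; interface names and channels are constructed samples.

# plan_capture OUTFILE IFACE:CHANNEL [IFACE:CHANNEL ...]
# Validates every pair first, then prints the commands that put each adapter
# into monitor mode on its channel, followed by one dumpcap invocation that
# covers all adapters. Nothing is executed here; the plan is only printed.
plan_capture() {
    out=$1
    [ $# -ge 2 ] || { echo "usage: plan_capture OUTFILE IFACE:CHANNEL..." >&2; return 2; }
    shift
    case $out in
        ''|-*|*[!A-Za-z0-9_./-]*) echo "unsafe output name: $out" >&2; return 2 ;;
    esac
    cmds="" ifaces="" seen=" "
    for pair in "$@"; do
        ifc=${pair%%:*}     # text before the first colon
        chan=${pair##*:}    # text after the last colon
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface in: $pair" >&2; return 2 ;;
        esac
        case $chan in
            ''|*[!0-9]*) echo "bad channel in: $pair" >&2; return 2 ;;
        esac
        # One radio can sit on only one channel, so reject repeated adapters.
        case $seen in
            *" $ifc "*) echo "adapter listed twice: $ifc" >&2; return 2 ;;
        esac
        seen="$seen$ifc "
        cmds="${cmds}ip link set $ifc down
iw dev $ifc set type monitor
ip link set $ifc up
iw dev $ifc set channel $chan
"
        ifaces="$ifaces -i $ifc"
    done
    printf '%s' "$cmds"
    # dumpcap's default output format is pcapng, which records the interface
    # each frame arrived on, so the merged file can be filtered per adapter.
    printf 'dumpcap%s -s 0 -g -w %s\n' "$ifaces" "$out"
}
```

Review the printed plan before running it as root, for example `plan_capture somefile.pcap wlan0:1 wlan1:6 wlan2:11 | sudo sh`.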