Ask Your Question
0

Looking to monitor all wifi lan traffic

asked 2019-08-04 11:20:58 +0000

dmjost gravatar image

hi -

I have spurious issues

How do i setup wireshark to watch multiple wifi channels ?

I know i must be dropping packets sometimes - just dont know specifics.

Need traffic log so i can look at and time behaviour to performance

thanks

edit retag flag offensive close merge delete

Comments

Looking to monitor all wifi lan traffic

What do you consider all? All traffic on all 802.11 channels at the same time? All traffic from your specific network, which is likely only a single channel? Maybe just traffic on a specific band in use in your region?

Watching multiple channels at the same has two flavors, but we don't know what you need. The first is channel hopping, where the radio cycles through the channels. This captures a small amount of traffic on each channel, time sliced. Since the radio is only on one channel at a time, you can't pick up the other channels at the same time. The other option would be to capture on multiple adapters at the same time, then you get more or less all the traffic on those channels. The number of channels available to you is dependent on your region ...(more)

Bob Jones gravatar imageBob Jones ( 2019-08-04 13:17:52 +0000 )edit

Thanks for the reply.

I want to watch 2.4 and 5 WiFi locally. I can put one system on each frequency if needed - since you mentioned I cannot watch what I am not connected to.

Some device is flooding "noise" - need to watch, wait to figure out next steps

dmjost gravatar imagedmjost ( 2019-08-04 15:02:49 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-08-04 15:28:15 +0000

Bob Jones gravatar image

If you only need your network with your AP, most APs today have two radios, one 2.4 and one 5GHz (high end ones sometimes have three radios). This would require two wireless radios, so two wireless adapters. A single Macbook will be tough; it has one radio that works great, but only one (two Macbooks would do nicely...). Windows is tough, in general, for Wireless sniffing so that is not an attractive choice. Linux would be a good choice, as you can use many WiFi adapters at the same time, either some form of newer PCI (miniPCIe, M.2, etc.) or USB, or a mix of both.

With each adapter configured for the specific channel and modulations, have Wireshark capture on both adapters at the same time; shift + mouse select usually works on the current version of Wireshark under Capture --> Options --> Input to select multiple interfaces.

For CLI use, dumpcap is useful as you can pass multiple interface options, simple example:

dumpcap -i wlan1 -i wlan6 -i wlan11 -s 0 -g -w somefile.pcap

tcpdump does not seem to support multiple adapters at the same time. Omnipeek, a commercial packet capture alternative that is very much not free, can handle multiple interfaces as well.

Exactly which adapters to use and how to configure them for monitor mode depends entirely on what platform you choose and the specific traffic you need to capture.

edit flag offensive delete link more
0

answered 2019-08-04 12:49:55 +0000

Jaap gravatar image

Have a look at kismet maybe?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-08-04 11:20:58 +0000

Seen: 1,626 times

Last updated: Aug 04 '19