Ask Your Question
0

Wireless traffic analysis: what is recommended?

asked 2020-12-02 16:38:51 +0000

secureHIT gravatar image

Based on research I am finding that using AirPcap NX model (provided by Riverbed Technology) that integrates with Wireshark as a possible option to analyze wireless traffic; however, when reaching out to Riverbed Technology the response is that AirPcap no longer available. What have others found to be effective for wireless traffic analysis with Wireshark? Is there another option similar to AirPcap?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-12-02 18:08:58 +0000

Bob Jones gravatar image

Macbooks or Linux systems are typically the way to go. 802.11 capture on Windows is difficult.

  • Even if you can get Airpcap hardware, the performance is very limited for current capabilities in the market
  • There are commercial solutions - Omnipeek, Metageek, and others that can do some 802.11 capture on Windows
  • This is a professional tool for analysis and capture
  • Microsoft has some tools, but most (all ?) are end of life: Network Monitor and Message Analyzer.
  • Hardware based systems exist, too. Most enterprise grade wifi can do packet capture, and for low cost hardware, you could try Mikrotik products as they have some capabilities for OTA capture (over the air). There are other vendors with hardware systems - I bet Fluke has something.
  • npcap claims support for 802.11 capture on Windows but frankly it really doesn't work
  • Embedded Linux tool that can be used for capture - send data to Wireshark on Windows via SSH
edit flag offensive delete link more

Comments

Great summary @Bob_Jones!

I guess the question is what are you trying to accomplish with your WiFi capture? There are many tools and software out there that perform different things.

For example, some tools are better at creating a "heat" map to show WiFi signal strength throughout a space. Others are more tuned to WiFi performance and throughput. And there are still others focused on capturing packets for protocol analysis.

Once you know what type of WiFi capture you need, the tool becomes easier to define.

Amato_C gravatar imageAmato_C ( 2020-12-02 20:25:10 +0000 )edit

Thank you Amato_C and @Bob_Jones for your insight and guidance. In terms of forensic analysis for a wireless network or WiFi network what tool is recommended for GPS location of where the radiofrequency breach is originating from? In reaching out to the company that provides the recommendation @Bob_Jones refers to as a professional tool I am not receiving a response in regards of the forensic analysis capabilities. Amato_C, are you aware of tool that has the aforementioned capabilities that are sought?

secureHIT gravatar imagesecureHIT ( 2020-12-05 19:25:21 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-12-02 16:38:51 +0000

Seen: 1,970 times

Last updated: Dec 02 '20

Related questions

Data packets not captured

Computer compromised through Steam personal/financial information stolen HELP [closed]

Wireless controls are not supported in this version of wireshark

Wireshark noticed Error always when pcap file captured from wireless diagnostics app in MacBook Pro is opened

only seeing acks with tshark

Does wireshark show the number of MPDUs in a A-MPDU?

get active users from pcap file

How Can I change my wireless interface to monitor mode in version 2.6.0

Device location in LTE/GSM packets?

what is the capture/display filter to get RSSI information of WiFi users?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2