Ask Your Question
0

Wireshark Setup for 802.11ax association requests

asked 2021-01-20 15:15:35 +0000

AlahambraOligododo gravatar image

Dear all,

I want to capture the association requests sent from a device A when it connects over 802.11ax (Wifi 6) to a router B. From this I want to read out the (V)HT capabilities.

I used to have a Fritz!Box 7530 which has a built-in capture function, which allows to stream the caputerd packages to my hard disk as *.eth-file. I was able to analyze these files with Wireshark. Unfortunately this router does not support Wifi 6 - and a novel model does not support this special capture mode...

Is there a recommended router which allows to monitor the Wifi 6 traffic? If not, is there a recommended Wifi 6 router which allows port mirroring to an ethernet port? Additionally, is there a recommended computer (with Linux or MacOS) which allows "in any case" to capture the Wifi 6 traffic directly? It seems as if the success of my project depends on the available NIC drivers?

Kind regards and thank you!

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2021-01-21 01:34:00 +0000

Bob Jones gravatar image

Wifi6 is HE now, where VHT is WiFi5. If your clients and AP supports HE, wireshark can show HE modulated frames if captured properly.

All the enterprise vendors of WiFi equipment can do OTA capture (over the air) but not sure you are in the market for controller based systems. Anyway, most of these capture systems have flaws that can make them less than useful for capture purposes. Depends on the vendor and the problem at hand.

For simple host based capture, the Intel AX200 on Linux works in monitor and promiscuous mode to collect HE traffic. It is 2x2 only, but may be good enough depending on your clients. Some of the high end APs are 8x8 but I have never seen a client that capable. I saw some web info about a QCA card but don’t know if it supports monitor mode on Linux or not. Macs are usually good at capture but I don’t know if they are shipping WIFi6 cards yet. My 6month old MacBook Pro is WiFi5, 3x3.

edit flag offensive delete link more

Comments

Thank you for your answer! The Intel AX200 seems the way to go, as it is widely used for these use cases. However, I also found that the "new" MacBooks support Wifi 6 - but afaik there is no "native" Wireshark version for the M1 processor. I don't know if this would affect the 802.11ax capture abilities...

AlahambraOligododo gravatar imageAlahambraOligododo ( 2021-01-21 07:18:42 +0000 )edit

afaik there is no "native" Wireshark version for the M1 processor.

Not yet - we'll need either to do a cross-build or get an M1 Mac mini or something such as that for the buildbot. (Sadly, not all of the support libraries that Wireshark uses support fat builds, so cross-building will be a royal pain at best.)

I don't know if this would affect the 802.11ax capture abilities...

I wouldn't expect it to:

  1. There's nothing about x86-64 vs. ARM64 that would make any difference.
  2. Rosetta-translated code would either run the ARM64 version of libpcap or run ARM64-translated libpcap code, which should pass the correct structures to the BPF ioctls, so capturing should work as well (and they're both little-endian so there shouldn't be the same problems that did exist for PPC vs. x86).
  3. The only thing that would make a difference would be the ...
(more)
Guy Harris gravatar imageGuy Harris ( 2021-01-27 02:46:35 +0000 )edit

I now have a MacBook Air with M1 and I can use the Monitor Mode and measure association requests which are sent in the network.

I'm happy to provide you some further information.

AlahambraOligododo gravatar imageAlahambraOligododo ( 2021-01-27 17:18:03 +0000 )edit

Good to know! Do you have any HE clients? I would be interested in comparing an HE capture from the MAC against the Intel AX200 devices from Linux.

Bob Jones gravatar imageBob Jones ( 2021-01-27 19:37:24 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2021-01-20 15:15:35 +0000

Seen: 129 times

Last updated: Jan 21