Capture Device Roaming
Windows 10. Wireshark 3.6.6. NPCAP 1.70. Panda PAU0D WiFi adapter.
The goal is to capture evidence that a WiFi device (cell phone) roams (changes connection) from one access point to another as it moves around the house. This would seem to be a pretty simple task, but after several hours of frustration, it is clear that I am "missing something".
Things I know:
Channel is 48. WiFi MAC address of cell phone. WiFi MAC address of (4) WiFi access points.
When I put the WiFi adapter in Monitor mode, it collects a ton of management packets, but does not seem to capture the Beacon frames output by the four access points. Nor does it capture association and disassociation packets.
Rather than hunt through all the packets flying around from other devices, it would be helpful to capture only the beacon frames and association/disassociation frames.
Any advice would be sincerely appreciated.
