
How to use tshark to capture proof of poor wireless deployment?

Right now I'm limited in my tshark abilities, but the goal is to deploy Linux distros like Kali Linux to remote locations, have staff set them up wired in problem areas, then reverse SSL tunnel into them and execute tshark on them over SSH. We have had too many times where the bloat of the Wireshark GUI locks up the system and we miss what we actually needed to capture.

Currently all I know how to do is run a simple capture filter in monitor mode on my wireless interface using the command below:

tshark -i en0 -I -f "ether host <mac addy>"

I am looking to be a bit more agnostic of the device I am trying to optimize for and look at the wireless as a whole, such as with Wireshark filters for beacon frames and retry packets. Can anyone help me develop some of those tshark commands? Once I see the filters and the syntax for those, I should be able to figure out how to manipulate it for the other filters I am looking to apply.

VERY much appreciated if anyone can assist
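
Added example, not part of the original post: tshark display filters (`-Y`) for beacon frames and for the 802.11 retry flag, plus a per-transmitter retry-rate summary that runs headless over SSH. The interface name `en0` is taken from the command in the post; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example. IFACE defaults to the interface used in the post.
IFACE="${IFACE:-en0}"

# Beacon frames only (management subtype 8): BSSID, channel frequency, signal.
beacons() {
    tshark -i "$IFACE" -I -l -a "duration:${1:-60}" \
        -Y 'wlan.fc.type_subtype == 8' \
        -T fields -E separator=, \
        -e wlan.bssid -e radiotap.channel.freq -e radiotap.dbm_antsignal
}

# Data frames (type 2): transmitter address and retry flag, one row per frame.
data_retry_fields() {
    tshark -i "$IFACE" -I -l -a "duration:${1:-60}" \
        -Y 'wlan.fc.type == 2' \
        -T fields -E separator=, -e wlan.ta -e wlan.fc.retry
}

# Reads "ta,retry" rows on stdin and prints "ta,frames,retries,retry_pct",
# worst transmitter first. Rows without a transmitter address are skipped.
retry_report() {
    LC_ALL=C awk -F, '
        $1 == "" { next }
        { n[$1]++ }
        # tshark prints the boolean as 1/0 or True/False depending on version
        $2 == "1" || $2 == "True" { r[$1]++ }
        END { for (ta in n)
                  printf "%s,%d,%d,%.1f\n", ta, n[ta], r[ta] + 0, 100 * r[ta] / n[ta] }
    ' | LC_ALL=C sort -t, -k4,4nr
}

# Constructed sample rows (not a real capture); both boolean renderings shown.
sample_rows() {
cat <<'EOF'
aa:bb:cc:00:00:01,0
aa:bb:cc:00:00:01,1
aa:bb:cc:00:00:01,1
aa:bb:cc:00:00:01,0
aa:bb:cc:00:00:02,False
aa:bb:cc:00:00:02,False
aa:bb:cc:00:00:02,True
aa:bb:cc:00:00:02,False
,1
EOF
}

# Live use on the remote box:  data_retry_fields 120 | retry_report
# Offline check of the report: sample_rows | retry_report
```

For a quick look without the summary, `-Y 'wlan.fc.retry == 1'` on its own shows only retransmitted frames.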