Wireless Networks
The Wireless Networks analysis tool allows users to view a wireless statistical report by analyzing the 802.11 management packets in a capture file.
Viewing the Wireless Networks
To see the wireless networks that were broadcasting at the time of the capture, simply click on the Wireless Networks button under the Analysis Tools menu for your capture file. A report will pop up in your browser. Like most analysis tools, this can be opened on its own page for bookmarking by clicking the ‘Open in new window’ button at the bottom of the pop up.
Each of the fields are sortable by clicking on the column header. Reverse sort any column by clicking the header a second time.
Explanation of Fields
- BSSID: The layer 2 address of the wireless station
- SSID: The network name, if applicable
- Vendor: This is the OUI of the BSSID resolved to a vendor name
- Signal_dBm: The power ratio in decibels of the measured power referenced to one milliwatt
- Channel: Denotes the distinct frequency range the station is broadcasting and receiving
- Security: The security schema being employed, if applicable
A note on capturing wireless management packets
Various capture tools do not always capture wireless management packets by default. Capturing these packets requires a combination of hardware supports the feature, plus configuration of the capture tool. This is often called ‘Monitor mode’. For example, to force the tcpdump command to capture wireless management packets, along with all normal network packets, pass the -I flag:
tcpdump -I -i en1 -w beacon_packets.cap
This example will capture only wireless beacon frames:
tcpdump -I -i en1 -w beacon_packets.cap wlan[0] == 0x80