Wireless networking is a complex field. With countless standards, protocols, and implementations, it is not uncommon for administrators to encounter configuration issues that require sophisticated troubleshooting and analysis mechanisms. Fortunately, Wireshark has sophisticated wireless protocol analysis support to help administrators troubleshoot wireless networks. With the appropriate driver support, Wireshark can capture traffic “from the air” and decode it into a format that helps administrators track down issues that are causing poor performance, intermittent connectivity, and other common problems.

Wireshark is also a powerful wireless security analysis tool. Using Wireshark’s display filtering and protocol decoders, you can easily sift through large amounts of wireless traffic to identify security vulnerabilities in the wireless network, including weak encryption or authentication mechanisms, and information disclosure risks. You can also perform intrusion detection analysis to identify common attacks against wireless networks while performing signal strength analysis to identify the location of a station or access point (AP).

This chapter introduces the unique challenges and recommendations for traffic sniffing on wireless networks. We examine the different operating modes supported by wireless cards, and configure Linux and Windows systems to support wireless traffic capture and analysis using Wireshark and third-party tools. Once you have mastered the task of capturing wireless traffic, you will learn how to leverage Wireshark’s powerful wireless analysis features, and learn how to apply your new skills.
Challenges of Sniffing Wireless
Traditional network sniffing on an Ethernet network is fairly easy to set up. In a
, an analysis workstation running Wireshark starts a new packet capture, which configures the card in promiscuous mode and waits until the desired amount of traffic has been captured. In a
, you need to configure a span port that mirrors the traffic sent to other stations, before initiating the packet capture. In both of these cases, it is easy to initiate a packet capture and start collecting traffic for analysis. When you switch to wireless analysis, however, the process of traffic sniffing becomes more complicated and requires additional decisions up front to best support the analysis you want to perform.
Selecting a Static Channel
Where a wired network offers a single medium mechanism for packet capture (i.e., the wire), wireless networks can operate on multiple wireless channels using different
6:2 Chapter 6 • Wireless Sniffing with Wireshark