Saturday, January 21, 2017

Introduction to WiFi Packet Captures

If you are a beginner who is just starting to use WiFi with Wireshark and want some sample captures to look at, here are a few from the Wireshark site:

Simple wireless join:
File: Network_Join_Nokia_Mobile.pcap Description: 802.11 capture of a new client joining the network, authenticating and activating WPA ciphering

File: wpa-Induction.pcap Description: 802.11 capture with WPA data encrypted using the password "Induction".


Looking at encrypted packets
Description: 802.11 capture with WPA-EAP. PSK's 
File: Http.cap For these captures you will also need to be able to decrypt the capture with keys. Please see reference [1] for more details.


To decode this capture, please use the following keys: a5001e18e0b3f792278825bc3abff72d7021d7c157b600470ef730e2490835d4 79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a 23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162

Description: 802.11n capture with PPI encapsulation containing HTTP data.
File: mesh.pcap Description: 802.11s capture with Radiotap encapsulation.

The Wireshark website [2] has a more elaborate list of wired and wireless packet captures that you can look at.

References:
[1] Decryption of Wireshark captures: https://wiki.wireshark.org/HowToDecrypt802.11
[2] Sample packet captures to test with Wireshark: https://wiki.wireshark.org/SampleCaptures