🚨Wireshark 4.0

Hot off the presses! Only for the brave :)

NOTE: This lab uses the new hot-off-the-presses v4.0 of Wireshark! This is an alternative to the Wireshark 3.x lab for those feeling brave 😄. This lab does not require Python to be installed, as the required "Wifidump" plugin is already included with Wireshark 4.x

Wireshark 4.x using the Wifidump plugin allows us to perform a frame capture using the WLAN Pi as an external sensor:

Wireshark V4.x on Windows using the WLAN Pi as a remote sensor

Even if you already have Wireshark 4.0 installed, we need to reinstall it with a critical (non-default) checkbox for the Wifidump module checked. Do bypass this step unless you are 100% sure that you have previously installed Wireshark with the optional "Sshdump, Ciscodump & Wifidump" module selected.

Step 1 - Download & Install Wireshark 4.x

LogoWireshark · Download
Click link, download and install!

Initiate the Wireshark installation by double-clicking on the download Wireshark-win64-4.x.x.exe file.

Accept the installer wizard dialogues until you reach the 'Choose Components' screen

Expand the Tools option and scroll down. Select 'Sshdump, Ciscodump, and Wifidump' checkbox

This option enables remote packet capture via SSH

All other options can (& should) be left as default

Step 2 - Verify Remote Capture Interface inWireshark

  1. Open Wireshark

  2. You should see 'Wi-Fi remote capture' in the list of available interfaces:

Step 3 - Perform Remote Wi-Fi Capture

The "Wi-Fi remote capture" interface allows you to perform remote Wi-Fi packet captures on a specified channel and channel width using a Linux device with a compatible Wi-Fi adapter (i.e. one that can be put into monitor mode).

Click the gear icon next to "Wi-Fi remote capture" to display the interface options. On the Server tab enter the remote SSH server address (i.e. your WLAN Pi) and remote server port "22". Check the IP address of the eth0 interface of your WLAN Pi using the Front Panel Menu System (The IP address required is shown on the top-level page of FPMS). :

You need to specify the IPv4 address x.x.x.x rather than using 'wlanpi-xxx.local'

All 802.11 channels are listed, however, the Wi-Fi adapter on the WLAN Pi device may support only a subset of them. If you choose a channel that is not supported by the Wi-Fi adapter or a channel width that doesn't apply to the selected channel, the capture will fail.

Go to the Authentication tab and enter the username and password​ you use to access your WLAN Pi.

The password is not saved between sessions, this means that if you close Wireshark, when you re-open the application you will need to re-enter your password to capture from the WLAN Pi.

This hassle can be avoided by configuring passwordless SSH authentication to the WLAN Pi (we are not going to cover this here but details can be found here)

Go to the Capture tab and enter the interface name, channel, and channel width you want to capture on:

Finally, logging may be setup on the Debug panel of the capture wizard:

Click the Start button to begin capturing frames​.

Move on to the Windows frame capture lab to take a closer look at some captured frames.

Previous2️⃣ Wireshark 3.x (Windows)NextmacOS Setup

Last updated

Was this helpful?