๐ค3. Lab: Wi-Fi Frame Capture
Let's sniff some Wi-Fi frames!
Last updated
Let's sniff some Wi-Fi frames!
Last updated
The WLAN Pi provides multiple methods of capturing Wi-Fi frames into packet capture apps, using the WLAN Pi as a capture device. This provides a compelling option for network troubleshooting, testing, or validation.
The wireless adapter within the WLAN Pi uses drivers that allow it to be placed into Monitor mode to listen for all frames over the air. It supports all 3 Wi-Fi bands, capturing frames on the 2.4 GHz, 5 GHz, and 6 GHz bands. The adapter supports two spatial streams (SS) and may only capture transmissions using 1 SS or 2 SS. It supports Wi-Fi standards up to and including Wi-Fi 6E.
The capture process is summarized in the diagram below:
The diagram shows a capture laptop using the WLAN Pi to capture frames over the air. Here are the highlights of the process:
The capture laptop runs an application such as Wireshark to decode frames received from the WLAN Pi.
The WLAN Pi is placed in a location where frames need to be sniffed. Note that this may be an area that is physically local or remote from the capture laptop. Remote connections may be supported via VPN techniques for remote device access.
When the capture laptop initiates a frame capture, the capture application initiates an SSH session to place the WLAN Pi wireless adapter into Monitor mode, set it on the channel to sniff, and stream the capture frames back to the laptop.
Frame capture is supported on Windows, macOS, and iOS. Note that some options are free, and some aren't.