Windows Setup
For this lab, you will need Wireshark 4.0.3 or higher. The latest as of today is 4.2.3. Wireshark 4 includes a plugin called Wifidump which allows us to perform a frame capture using the WLAN Pi as an external sensor:
Even if you already have Wireshark 4 installed, we need to reinstall it with a critical (non-default) checkbox that enables the Wifidump plugin. Do NOT bypass this step unless you are 100% sure that you have previously installed Wireshark with the option "Sshdump, Ciscodump & Wifidump" selected.
Initiate the Wireshark installation by double-clicking the downloaded Wireshark-4.xx-x64.exe file. Then, accept the installer wizard dialogues until you reach the Choose Components screen:
Expand the External capture tools (extcap) option (you may have to scroll down in the Select component to install box)
Select the Sshdump, Ciscodump, and Wifidump checkbox:
Hit Next and go through the prompts to complete the installation. Remaining defaults are OK.
Open Wireshark.
You should see 'Wi-Fi remote capture' in the list of available interfaces (you may have to scroll down):
The "Wi-Fi remote capture" interface allows you to perform remote Wi-Fi packet captures on a specified channel and channel width using a Linux device with a compatible Wi-Fi adapter (i.e., one that can be put into monitor mode).
Click the gear icon next to "Wi-Fi remote capture" to display the interface options. On the Server tab, enter the remote SSH server address (i.e., your WLAN Pi wired IP address) and remote server port "22". Check the IP address of the eth0 interface of your WLAN Pi using the Front Panel Menu System (the IP address required is shown on the top-level page of FPMS):
You need to specify the IPv4 address x.x.x.x rather than using wlanpi-xxx.local.
Go to the Authentication tab and enter the username and password you use to access your WLAN Pi.
The password is not saved between sessions. This means that if you close Wireshark, when you re-open the application you will need to re-enter your password to capture from the WLAN Pi.
This hassle can be avoided by configuring passwordless SSH authentication to the WLAN Pi.
Go to the Capture tab and enter the channel and channel width you want to capture on. If using an interface other than 'wlan0', then enter its name in the Remote interface field:
Note that all 802.11 channels are listed; however, the Wi-Fi adapter on the WLAN Pi device may only support a subset of them. If you choose a channel that is not supported by the Wi-Fi adapter or a channel width that doesn't apply to the selected channel, the capture will fail.
Finally, logging may be set up on the Debug panel of the capture wizard:
Click the Start button to begin capturing frames.
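One way to set up the passwordless SSH authentication mentioned in the Authentication step, using the OpenSSH client that ships with Windows. This is an added example, not part of the original guide or the WLAN Pi project; the address `192.0.2.10`, the user `wlanpi` and the key file name are placeholders to replace with your own values.

```powershell
# Added example: key-based SSH login from the Windows capture PC to the WLAN Pi.
# Placeholders (assumptions, replace with your own values):
$PiAddress = '192.0.2.10'   # eth0 IPv4 address shown on the FPMS top-level page
$PiUser    = 'wlanpi'       # the account you normally use on the WLAN Pi
$KeyPath   = Join-Path $env:USERPROFILE '.ssh\id_ed25519_wlanpi'   # assumed key file name

# The guide requires an IPv4 address rather than wlanpi-xxx.local, so reject anything else.
$ip = $null
if (-not [System.Net.IPAddress]::TryParse($PiAddress, [ref]$ip) -or
    $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
    throw "Use the WLAN Pi's IPv4 address, not a hostname: $PiAddress"
}

# Create the key pair once. ssh-keygen prompts for a passphrase:
# set one to protect the private key at rest, or press Enter twice for none.
if (-not (Test-Path $KeyPath)) {
    New-Item -ItemType Directory -Force (Split-Path $KeyPath) | Out-Null
    ssh-keygen -t ed25519 -f $KeyPath -C 'wireshark-wifidump'
    if ($LASTEXITCODE -ne 0) { throw 'ssh-keygen failed' }
}

# Append the public key to authorized_keys on the WLAN Pi (Windows has no ssh-copy-id).
# This login still asks for the password. On first connection, compare the host key
# fingerprint that ssh displays with the WLAN Pi's own before answering "yes".
$remote = 'umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
Get-Content "$KeyPath.pub" | ssh -p 22 "$PiUser@$PiAddress" $remote
if ($LASTEXITCODE -ne 0) { throw 'Could not install the public key on the WLAN Pi' }

# Verify. BatchMode disables every interactive prompt, so this succeeds only when
# the key is accepted. A passphrase-protected key must be loaded into ssh-agent
# first, because BatchMode cannot ask for the passphrase.
ssh -i $KeyPath -o BatchMode=yes -o IdentitiesOnly=yes -p 22 "$PiUser@$PiAddress" 'echo key-login-ok'
if ($LASTEXITCODE -ne 0) { throw 'Key-based login failed; password login is still in effect' }
```

Once the last command prints `key-login-ok`, supply the private key file (and its passphrase, if you set one) on the Authentication tab in place of the password.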
Check out the Wireshark resources and then move on to the Windows frame capture lab to take a closer look at some captured frames.