2️⃣ Wireshark 3.x (Windows)

Now that we have Python installed, we can install and configure Wireshark 3.x to allow us to perform a frame capture using the WLAN Pi as an external sensor.

Even if you already have Wireshark 3.x installed, you need to reinstall it with a critical (non-default) checkbox selected: the sshdump module. Do not bypass this step unless you are 100% sure that you previously installed Wireshark with the optional sshdump module selected.

Step 1 - Download & Install Wireshark 3.x

Initiate the Wireshark installation by double-clicking on the downloaded Wireshark-win64-3.x.x.exe file.

Accept the installer wizard dialogues until you reach the 'Choose Components' screen.

Expand the Tools option and scroll down. Select the 'Sshdump & Ciscodump' checkbox.

This option enables remote packet capture via SSH.

All other options can (and should) be left as default.

Accept the remainder of the defaults of the Wireshark wizard to complete the software installation. Note that you may be prompted to reboot at the end of the installation process.

Step 2 - Install wlan-extcap (Python helper script)

  1. Download wlandump.zip and extract the contents onto your desktop

  2. Move both wlandump files into folder C:\Program Files\Wireshark\extcap

For wlan-extcap source and additional information go to GitHub: https://github.com/adriangranados/wlan-extcap

Step 3 - Verify Remote Capture Interface in Wireshark

  1. Open Wireshark

  2. You should see 'Wi-Fi remote capture' in the list of available interfaces
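
If 'Wi-Fi remote capture' does not appear, the check below reports which piece from Steps 1 and 2 is missing. It is an added example, not part of this guide or of wlan-extcap; the function name is hypothetical, and it assumes the default install path from Step 2 and that the helper script is launched through a `python` or `py` command on PATH.

```python
import shutil
import sys
from pathlib import Path

# Extcap folder named in Step 2 (default Wireshark 3.x install path).
DEFAULT_EXTCAP = Path(r"C:\Program Files\Wireshark\extcap")


def check_remote_capture_prereqs(extcap_dir=DEFAULT_EXTCAP, which=shutil.which):
    """Return a list of problems; an empty list means Steps 1 and 2 look complete.

    `which` is injectable so the PATH lookup can be replaced in tests.
    """
    extcap_dir = Path(extcap_dir)
    if not extcap_dir.is_dir():
        return [f"extcap folder not found: {extcap_dir}"]

    # Windows file names are case-insensitive, so compare in lower case.
    top_level = {p.name.lower() for p in extcap_dir.iterdir() if p.is_file()}
    problems = []

    # Step 1: sshdump.exe exists only if the optional component was selected.
    if "sshdump.exe" not in top_level:
        problems.append("sshdump.exe missing: reinstall Wireshark with "
                        "'Sshdump & Ciscodump' selected")

    # Step 2: the guide moves two wlandump files directly into extcap.
    # Exact file names are not listed on the page, so match on the prefix.
    wlandump = sorted(n for n in top_level if n.startswith("wlandump"))
    if len(wlandump) < 2:
        nested = sorted(str(p.relative_to(extcap_dir))
                        for p in extcap_dir.glob("*/wlandump*"))
        hint = f" (found in a subfolder: {nested})" if nested else ""
        problems.append(f"expected 2 wlandump files in extcap, found "
                        f"{len(wlandump)}{hint}")

    # Assumption: the helper script is launched via `python` or `py` on PATH.
    if not (which("python") or which("py")):
        problems.append("no 'python' or 'py' command on PATH")
    return problems


if __name__ == "__main__":
    found = check_remote_capture_prereqs()
    print("\n".join(found) if found else "OK: Wi-Fi remote capture prerequisites present")
    sys.exit(1 if found else 0)
```

Run it from a command prompt on the Windows machine; an exit code of 0 means all three prerequisites were found.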

Step 4 - Perform Remote Wi-Fi Capture

The "Wi-Fi remote capture" interface allows you to perform remote Wi-Fi packet captures on a specified channel and channel width using a Linux device with a compatible Wi-Fi adapter (i.e. one that can be put into monitor mode).

Click the gear icon next to "Wi-Fi remote capture" to display the interface options, then choose the interface name, channel, and channel width you want to capture on.

All 802.11 channels are listed; however, the Wi-Fi adapter on the WLAN Pi device may support only a subset of them. If you choose a channel that is not supported by the Wi-Fi adapter or a channel width that doesn't apply to the selected channel, the capture will fail.

Go to the Server tab and enter the remote SSH server address. Check the IP address of the eth0 interface of your WLAN Pi using the Front Panel Menu System (the IP address required is shown on the top-level page of FPMS).

Go to the Authentication tab and enter the username and password you use to access your WLAN Pi.

The password is not saved, which means that every time you stop and start a new capture you will have to re-enter your password.

This hassle can be avoided by configuring passwordless SSH authentication to the WLAN Pi (we are not going to cover this here but details can be found here).

Click the Start button to begin capturing frames.

Move on to the Windows frame capture lab to take a closer look at some captured frames.
