Wireless Sniffing with Wireshark

Wireless networking is a complex field.With countless standards, protocols, and
implementations, it is not uncommon for administrators to encounter configuration
issues that require sophisticated troubleshooting and analysis mechanisms.
Fortunately,Wireshark has sophisticated wireless protocol analysis support to
help administrators troubleshoot wireless networks.With the appropriate driver support,
Wireshark can capture traffic “from the air” and decode it into a format that
helps administrators track down issues that are causing poor performance, intermittent
connectivity, and other common problems.
Wireshark is also a powerful wireless security analysis tool. Using Wireshark’s
display filtering and protocol decoders, you can easily sift through large amounts of
wireless traffic to identify security vulnerabilities in the wireless network, including
weak encryption or authentication mechanisms, and information disclosure risks.You
can also perform intrusion detection analysis to identify common attacks against
wireless networks while performing signal strength analysis to identify the location
of a station or access point (AP).
This chapter introduces the unique challenges and recommendations for traffic
sniffing on wireless networks.We examine the different operating modes supported
by wireless cards, and configure Linux and Windows systems to support wireless
traffic capture and analysis using Wireshark and third-party tools. Once you have mastered
the task of capturing wireless traffic, you will learn how to leverage Wireshark’s
powerful wireless analysis features, and learn how to apply your new skills.