hysical layer info in wireless packet captures


OmniPeek 6.8 (Ralink USB adapter)
In Wireshark, an OmniPeek capture uses an Airopeek header, which looks like this:
             image002.png
Note that Wireshark (as of 1.6.x) doesn’t know how to decode all the wireless metadata in an OmniPeek capture – the same frame viewed in OmniPeek itself shows Signal dBm, Noise Level and Noise dBm:
             image003.png

Applying wireless files as Wireshark columns

It is very often much easier to understand what’s going on with a wireless sniff, if you have applied the wireless fields as columns.  Here’s how to do this:
1. Locate the field of interest in the packet details section (first expanding the applicable header section if necessary) and right-click it.  Select Apply as Column:
        image005.png
2.   The new column appears.  Now you can resize, rename (by right clicking the column header and selecting “Edit Column Details”), and move the column as desired.
3.   Repeat for other columns of interest.  Now you have a better handle on the physical layer aspects of your capture:
     image006.png

4.   Once you’ve applied the new column, the next time you run Wireshark, the column will be available (if you don’t see it, right-click the column headers and select Displayed Columns.)


https://supportforums.cisco.com/document/100116/80211-sniffer-capture-analysis-physical-layer

Labels: ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)