Lesson 2: Wireless Traffic Capture
Capture and analyze wireless traffic using Wireshark and specialized tools.
Objectives
- Configure Wireshark for wireless capture
- Capture WiFi management frames
- Analyze beacon frames and probe requests
- Monitor client associations and handoffs
Traffic Capture
    # Capture with Wireshark (-k starts capturing immediately)
    sudo wireshark -i wlan0mon -k

    # Command line capture
    sudo tcpdump -i wlan0mon -w wifi_capture.pcap

    # Capture specific frames
    sudo tcpdump -i wlan0mon -w beacons.pcap type mgt subtype beacon
Analysis Filters
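    # Wireshark filters
    wlan.fc.type == 0                            # Management frames
    wlan.fc.type == 0 && wlan.fc.subtype == 8    # Beacon frames
    wlan.fc.type == 0 && wlan.fc.subtype == 4    # Probe requests
    wlan.fc.type == 0 && wlan.fc.subtype == 5    # Probe responses

    # Subtype numbers are reused across frame types (for example, subtype 8
    # with type 2 is QoS Data), so match the type together with the subtype.

    # Client tracking
    wlan.addr == 00:11:22:33:44:55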
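
To show what the type and subtype filters above select at the byte level, here is an added example (not part of the original lesson) that decodes the frame control field, addresses and SSID element from beacon and probe frames. The sample frames, the SSID "LabNet", the AP address and the helper names are constructed for illustration; the input is assumed to carry a radiotap header, as monitor-mode captures usually do.

```python
import struct

SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}
FIXED_LEN = {4: 0, 5: 12, 8: 12}  # fixed-parameter bytes before tagged elements

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Parse a radiotap + 802.11 frame; return a dict for beacons/probes, else None."""
    if len(frame) < 4:
        return None
    rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap header length, little-endian
    dot11 = frame[rt_len:]
    if len(dot11) < 24:
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, (dot11[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None  # type must be checked: data frames reuse subtype numbers
    info = {"kind": SUBTYPES[subtype], "da": mac(dot11[4:10]),
            "sa": mac(dot11[10:16]), "bssid": mac(dot11[16:22]), "ssid": None}
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(dot11):  # tagged elements: id, length, value
        eid, elen = dot11[pos], dot11[pos + 1]
        val = dot11[pos + 2:pos + 2 + elen]
        if len(val) < elen:
            break  # truncated element (or trailing FCS): stop parsing
        if eid == 0:  # SSID; empty value means wildcard or hidden
            info["ssid"] = val.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return info

# --- Constructed sample frames (not captured traffic) ---
RADIOTAP = bytes([0, 0, 8, 0, 0, 0, 0, 0])  # minimal 8-byte radiotap header
AP = bytes.fromhex("020000000001")           # made-up AP address
CLIENT = bytes.fromhex("001122334455")       # client address used in the filter above
BCAST = b"\xff" * 6

def build(fc0, da, sa, bssid, body):
    # frame control (2) + duration (2) + three addresses + sequence control (2)
    return RADIOTAP + bytes([fc0, 0, 0, 0]) + da + sa + bssid + b"\x00\x00" + body

SSID_IE = bytes([0, 6]) + b"LabNet"
BEACON = build(0x80, BCAST, AP, AP, bytes(12) + SSID_IE)
PROBE_REQ = build(0x40, BCAST, CLIENT, BCAST, SSID_IE)
QOS_DATA = build(0x88, AP, CLIENT, AP, b"\x00\x00payload")  # type 2, subtype 8

if __name__ == "__main__":
    for f in (BEACON, PROBE_REQ, QOS_DATA):
        print(parse_mgmt(f))
```

The QoS Data sample shares subtype 8 with the beacon but is rejected because its type is 2, which is the same distinction the combined Wireshark filters make.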