WiFi Troubleshooting Using Wireshark - Network Computing PDF
WIRELESS INFRASTRUCTURE
07/19/2016
7:00 AM
When it comes to open-source tools for network engineers, a top choice is Wireshark, created in 1997 by Gerald
Combs, who needed a tool to track network problems. Originally named Ethereal, the network analyzer is
supported by a community that has contributed additional dissectors, features, and bug fixes.
Wireshark isn't just for wired networks; wireless network engineers can utilize the tool to help them troubleshoot
and diagnose various WiFi issues. Before getting into the details of using Wireshark to capture WiFi traffic, let's go
over the particular requirements.
In a Windows operating system, you need a network card capable of capturing wireless frames. The built-in
network card is not capable of this because drivers may not allow a user to manually select a channel, or to
place the wireless network in monitor mode.
https://www.networkcomputing.com/networking/wifi-troubleshooting-using-wireshark/1555390832 1/13
01/10/2018 WiFi Troubleshooting Using Wireshark | Network Computing
On macOS, an engineer can natively collect wireless frames through the built-in wireless card. I highly
recommend a free application called Airtool (https://www.adriangranados.com/apps/airtool), which
simplifies the capture of wireless frames in macOS by allowing easy channel selection and parameter
modification. For example, you may want to capture frames on a 40 MHz channel. It’s also possible to simply
select an individual channel on either the 2.4 GHz or 5 GHz spectrum.
A counter displays the number of frames collected, and when you stop the capture, it's saved as a .pcap file
to a location of your choice and automatically opened in Wireshark.
When opening Wireshark, you'll see a number of columns displaying various types of information. The application
is broken out into three sections: frame capture list, frame information, and frame bytes.
With all this information in hand, a wireless network engineer can dive into detailed analysis by observing the
source and destination MAC addresses, the type of frame by looking at the Frame Control Field, and more.
For example, you can view an SSID’s capabilities by examining a beacon frame from the access point. Within the
beacon frame, the Frame Control Field will indicate that the beacon frame is a management frame with a subtype
value of 1000.
The tagged parameters of the wireless management frame show what the service set supports, such as the
basic data rates, security, high-throughput capabilities, and vendor-specific capabilities. Digging into this
information can help an engineer troubleshoot issues regarding client connectivity to an access point.
In addition to troubleshooting client connectivity, you can view client frame exchanges through Wireshark. An
example is device authentication and authorization with an access point.
Encrypted frames
When capturing frames from a wireless network with WEP or WPA/WPA2 security, the frame contents are
encrypted, which prevents you from seeing the details. If you know the password, you can decrypt the contents.
Within Wireshark’s Preferences, under IEEE 802.11, enable decryption and insert the wireless network’s password
to create the decryption key.
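As an added illustration (not code from the article or from Wireshark), this shows how a WPA/WPA2-Personal password becomes the 256-bit key: PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt. The function names `wpa_psk` and `wireshark_key_entry` are hypothetical; `wpa-psk` is the key type Wireshark uses for a 64-hex-digit pre-shared key.

```python
import hashlib
import string

def wpa_psk(passphrase, ssid):
    """Derive the 256-bit WPA/WPA2-Personal PSK; returns 64 hex characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # 4096 iterations and a 32-byte output are fixed by the 802.11 standard.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32).hex()

def wireshark_key_entry(secret, ssid=None):
    """Normalise a password or raw PSK to a ("wpa-psk", hex) decryption-key entry."""
    if len(secret) == 64 and all(ch in string.hexdigits for ch in secret):
        return ("wpa-psk", secret.lower())      # already a raw 256-bit PSK
    if ssid is None:
        raise ValueError("a passphrase needs the SSID, which is the PBKDF2 salt")
    return ("wpa-psk", wpa_psk(secret, ssid))

# Constructed sample values, not from the article.
SAMPLE_SSID = "IEEE"
SAMPLE_PASSPHRASE = "password"
```

Because the SSID is the salt, the same password yields a different key on each network name. For WPA/WPA2, Wireshark also needs the client's EAPOL four-way handshake in the capture before it can decrypt that client's data frames.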
With the thousands of packets captured by Wireshark, it is possible to look at the data in a different way
using graphs. One example is viewing how many retry frames were detected out of the total number captured.
To get a sense of how many retries occurred during your capture, navigate to Statistics > I/O Graph. In the graph
window, click on the plus icon to add a new data point and rename it “retries.” Add a display filter of “wlan.fc.retry
== 1” and change the color of this filter to red. Modify the Y Axis to display Packets/s, and enable “All packets.”
Now there is a graphical representation of the number of retries from your Wireshark capture.
By default, Wireshark doesn’t display any WiFi-related columns. But it’s actually quite easy to add columns once
you are aware of what kind of display filters you can work with.
Let’s say you want a column displaying the Duration of a frame. This would help you determine how much air time
devices are using to communicate on the wireless medium.
To add a column, right click on any existing column and select Column Preferences. Any column with a checkbox
indicates it is displayed in the Wireshark Frame List. Click the plus icon to add a new column. Give the column the
name of “Duration,” a type of “Custom,” and a field name of "wlan.duration." Then click OK to close the column
preferences window.
When viewing the list of frames, you can now see the Duration value which is taken from the Duration field of the
802.11 wireless header.
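The fields discussed above (the Frame Control type and subtype, the retry bit behind `wlan.fc.retry`, and the Duration value behind `wlan.duration`) can be decoded directly from the first bytes of an 802.11 header. The following is an added example, not code from the article; the function names and the sample frames are constructed for illustration and assume raw 802.11 headers without a radiotap header.

```python
import struct
from collections import defaultdict, namedtuple

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
Dot11 = namedtuple("Dot11", "ftype subtype retry protected duration_us receiver transmitter")

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_dot11(frame):
    """Decode Frame Control, Duration and addresses from an 802.11 MAC header."""
    if len(frame) < 10:
        raise ValueError("shorter than the minimal 10-byte 802.11 header")
    fc, dur = struct.unpack_from("<HH", frame)       # both fields are little-endian
    flags = fc >> 8
    return Dot11(
        ftype=FRAME_TYPES[(fc >> 2) & 0x3],
        subtype=f"{(fc >> 4) & 0xF:04b}",             # binary, e.g. 1000 for a beacon
        retry=bool(flags & 0x08),                     # the bit wlan.fc.retry tests
        protected=bool(flags & 0x40),                 # frame body is encrypted
        duration_us=None if dur & 0x8000 else dur,    # bit 15 set: not a duration
        receiver=_mac(frame[4:10]),
        transmitter=_mac(frame[10:16]) if len(frame) >= 16 else None,  # ACK has none
    )

def retry_report(frames):
    """Per transmitter: frames sent, retries, summed Duration field (microseconds)."""
    report = defaultdict(lambda: {"frames": 0, "retries": 0, "duration_us": 0})
    for raw in frames:
        f = parse_dot11(raw)
        if f.transmitter is None:
            continue
        row = report[f.transmitter]
        row["frames"] += 1
        row["retries"] += f.retry
        row["duration_us"] += f.duration_us or 0
    return dict(report)

# Constructed sample frames (MAC headers only, no radiotap, no FCS).
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BEACON = bytes.fromhex("80000000") + b"\xff" * 6 + AP + AP + bytes.fromhex("1000")
QOS_DATA = bytes.fromhex("88412c00") + AP + STA + AP + bytes.fromhex("20000000")
QOS_RETRY = bytes.fromhex("88492c00") + AP + STA + AP + bytes.fromhex("20000000")
ACK = bytes.fromhex("d4000000") + STA
SAMPLE = [BEACON, QOS_DATA, QOS_RETRY, ACK]
```

The Duration field is the medium time a frame reserves for the rest of its exchange, so the per-transmitter sum is an indicator of air-time demand rather than a measurement of time on air.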
Channel (wlan_radio.channel) - This can be used if you have an aggregated list of frames captured from
different channels.
Data rate (wlan_radio.data_rate) - To view what data rate the frame was sent at by the transmitter.
MCS Index (wlan_radio.11n.mcs_index or wlan_radio.11ac.mcs) - To identify what MCS index was used by
a transmitter of a frame. This is useful for 802.11n and 802.11ac.
Display filters
Sifting through hundreds or even thousands of wireless frames in Wireshark can feel like looking for a needle in a
haystack. Fortunately, it is possible to narrow down a search through the use of display filters.
Display filters are used to identify specific types of frames or packets. There are many different fields and
information elements to search on. Because display filters are very specific, it can be frustrating at times to
work out which one to begin with. Here are some common filters:
Wireshark is an indispensable tool for network troubleshooting. Knowing the ins and outs of Wireshark will help
turn a wireless network engineer into a network analysis expert.