This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 21 and 22
Revision 21 as of 2005-09-17 15:37:20
Size: 4574
Editor: UlfLamping
Comment: move capture related to capturesetup page and set a link only!
Revision 22 as of 2005-09-17 16:18:32
Size: 5147
Editor: UlfLamping
Comment: add a section about 802.11 vs. Ethernet "fake"
Line 35: Line 35:

== 802.11 vs. Ethernet "fake" ==

Ethereal supports two ways how 802.11 traffic can be stored in a capture file:

 * "real" 802.11: the hardware/driver provided the actual protocol data that travels over the air
 * Ethernet "fake": the hardware/driver translated the 802.11 headers into Ethernet headers so that the whole packet looks like a normal Ethernet packet. While using this Ethernet "fake", all 802.11 specific management and control frames are discarded.

Detailed information about how to capture 802.11 traffic can be found at the: CaptureSetup page.
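
Review bot: the closing line of the added section reads "can be found at the: CaptureSetup page." with a stray colon after "the"; drop the colon. In the opening line, "two ways how 802.11 traffic can be stored" reads better as "two ways in which 802.11 traffic can be stored". The page also already points to CaptureSetup in several other sections, so this extra pointer could be shortened to a bare link.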

Wi-Fi (WLAN, IEEE 802.11)

Wi-Fi, or IEEE 802.11, is the standard for wireless LANs, or WLANs. The abbreviation Wi-Fi stands for Wireless Fidelity, and resembles the Hi-Fi acronym. It represents a whole collection of protocols within the same family of Ethernet and Token Ring.

It is specified by [http://standards.ieee.org/getieee802/802.11.html various IEEE 802.11 specifications].

IEEE 802.11 sends network packets from the sending host to one (Unicast) or more (Multicast/Broadcast) receiving hosts.

The 802.11 protocols specify a wireless shared network, which means that the maximum bandwidth is only available to one user at a time.

See the CaptureSetup page for instructions on how to capture from WLANs (including monitor mode) and other media.

802.11 Standards

The basic 802.11 standards are:

  • 802.11 (2MBit/s 2.4GHz) First generation of WLAN equipment; allows 1 and 2 Mbps.
  • 802.11b (11MBit/s 2.4GHz) Second generation of WLAN equipment, and the first generation to receive widespread use; allows 1, 2, 5.5 and 11 Mbps.
  • 802.11a (54MBit/s 5GHz)
  • 802.11g (54MBit/s 2.4GHz)

Some additional 802.11 standards are:

  • 802.11i (Security WPA1 and WPA2) No change to data rate. Improvement in security.
  • 802.11h (Spectrum and Transmit Power Management)
  • 802.11e (Quality of service, packet bursting)
  • 802.11d International (country-to-country) roaming extensions
  • 802.11f Inter-Access Point Protocol (IAPP)
  • 802.11j Extensions for Japan

History

XXX - add a brief description of 802.11 history

802.11 vs. Ethernet "fake"

Ethereal supports two ways in which 802.11 traffic can be stored in a capture file:

  • "real" 802.11: the hardware/driver provided the actual protocol data that travels over the air
  • Ethernet "fake": the hardware/driver translated the 802.11 headers into Ethernet headers so that the whole packet looks like a normal Ethernet packet. While using this Ethernet "fake", all 802.11 specific management and control frames are discarded.

Detailed information about how to capture 802.11 traffic can be found on the CaptureSetup page.
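
To tell which of the two forms a capture file uses, read the link-layer type from the file header. The following is an added example, not part of the original wiki page or Ethereal's own code; it handles classic libpcap files only (not pcapng), uses the link-layer type numbers from the tcpdump.org registry, and `make_header` builds constructed sample headers.

```python
import struct

# Link-layer header types (tcpdump.org LINKTYPE_ registry) that carry
# the actual 802.11 header, optionally preceded by radio metadata.
REAL_80211 = {105: "IEEE 802.11", 119: "Prism header + 802.11",
              127: "radiotap + 802.11", 163: "AVS header + 802.11"}
ETHERNET = 1

def classify_pcap(header: bytes) -> str:
    """Classify a classic libpcap file from its 24-byte global header."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    magic = header[:4]
    # The magic number (microsecond or nanosecond variant) gives the byte order.
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    (network,) = struct.unpack(endian + "I", header[20:24])
    linktype = network & 0xFFFF   # upper bits may carry FCS information
    if linktype in REAL_80211:
        return "real 802.11 (%s)" % REAL_80211[linktype]
    if linktype == ETHERNET:
        # The header alone cannot distinguish a wired capture from a
        # WLAN capture whose driver translated the headers.
        return 'Ethernet (possibly Ethernet "fake")'
    return "other link type %d" % linktype

def make_header(linktype: int, endian: str = "<") -> bytes:
    """Constructed sample: pcap 2.4 global header with the given link type."""
    return struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)

if __name__ == "__main__":
    for lt in (1, 105, 127):
        print(lt, "->", classify_pcap(make_header(lt)))
```

A file classified as Ethernet will never contain beacons, probe requests, ACKs or other management and control frames, whatever the adapter actually received.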

Protocol dependencies

  • 802.11 is the lowest software layer, so it only depends on hardware.

Example traffic

One ICMP ping request and response session from station STA1 to station STA2 via the access point (AP).

ICMP Echo request

  • ICMP Echo request (802.11 data packet with source STA1, destination STA2, To DS bit set). This packet is transmitted from STA1 and received by the AP.

  • ACK (802.11 control packet, destination STA1). This packet is transmitted by the AP and received by STA1.

  • ICMP Echo request (802.11 data packet with source STA1, destination STA2, From DS bit set). This packet is transmitted by the AP and received by STA2.

  • ACK (802.11 control packet, destination AP). This packet is sent to the AP by STA2 to acknowledge receipt of the Echo request packet.

ICMP Echo response

  • ICMP Echo response (802.11 data packet with source STA2, destination STA1, To DS bit set). This packet is transmitted from STA2 and received by the AP.

  • ACK (802.11 control packet, destination STA2). This packet is transmitted by the AP and received by STA2.

  • ICMP Echo response (802.11 data packet with source STA2, destination STA1, From DS bit set). This packet is transmitted by the AP and received by STA1.

  • ACK (802.11 control packet, destination AP). This packet is sent to the AP by STA1 to acknowledge receipt of the Echo response packet.
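
The To DS and From DS bits decide which of the header's address fields hold the source and destination, which is why the same Echo request appears twice with different bits. The following added example (not from the original page or from Ethereal) decodes the frame control field and addresses of raw 802.11 headers without a radiotap header or FCS; the MAC addresses and frames are constructed, with payloads omitted.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}

def mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)

def parse_80211(frame: bytes) -> dict:
    """Decode frame control and addresses of a raw 802.11 header."""
    if len(frame) < 10:
        raise ValueError("shorter than the minimal 802.11 header")
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    out = {"type": TYPES.get(ftype, "reserved"), "subtype": subtype,
           "to_ds": to_ds, "from_ds": from_ds, "receiver": mac(frame[4:10])}
    if ftype != 2:
        return out            # non-data frames: report only the receiver
    need = 30 if (to_ds and from_ds) else 24
    if len(frame) < need:
        raise ValueError("truncated data frame header")
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds and from_ds:     # AP to AP: four-address format
        dst, src = a3, frame[24:30]
    elif to_ds:               # station -> AP: addr1 is the BSSID
        dst, src = a3, a2
    elif from_ds:             # AP -> station: addr2 is the BSSID
        dst, src = a1, a3
    else:                     # station to station, no AP involved
        dst, src = a1, a2
    out.update(transmitter=mac(a2), src=mac(src), dst=mac(dst))
    return out

# Constructed, locally administered MAC addresses for STA1, STA2 and the AP.
STA1, STA2, AP = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "0200000000aa"))

def data_frame(flags: int, a1: bytes, a2: bytes, a3: bytes) -> bytes:
    return struct.pack("<BBH", 0x08, flags, 0) + a1 + a2 + a3 + b"\x00\x00"

def ack_frame(receiver: bytes) -> bytes:
    return struct.pack("<BBH", 0xD4, 0, 0) + receiver

# The four frames of the Echo request leg, in the order listed above.
ECHO_REQUEST = [
    data_frame(0x01, AP, STA1, STA2),   # STA1 -> AP, To DS set
    ack_frame(STA1),                    # AP acknowledges to STA1
    data_frame(0x02, STA2, AP, STA1),   # AP -> STA2, From DS set
    ack_frame(AP),                      # STA2 acknowledges to AP
]
```

Calling `parse_80211` on each entry of `ECHO_REQUEST` reports STA1 as source and STA2 as destination for both data frames, while the receiver and transmitter change from hop to hop; the two ACKs carry a receiver address only.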

XXX - Add example traffic here (as Ethereal screenshot).

Ethereal

The 802.11 dissector is fully functional.

Capturing 802.11 traffic can be tricky; see the CaptureSetup page for instructions on how to capture from WLANs (including monitor mode) and other media.

Preference Settings

(XXX add links to preference settings affecting how 802.11 is dissected).

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of 802.11 display filter fields can be found in the [http://www.ethereal.com/docs/dfref/w/wlan.html display filter reference]

  • Show only the 802.11-based traffic:

     wlan 

  • Show only the 802.11-based traffic to and from 802.11 MAC address 08:00:08:15:ca:fe:

     wlan.addr==08.00.08.15.ca.fe 

Capture Filter

  • Capture only the 802.11-based traffic to and from 802.11 MAC address 08:00:08:15:ca:fe:

     wlan host 08:00:08:15:ca:fe 

Note that older versions of libpcap won't support "wlan" - you might have to use "ether" or "link" on those versions. (Those versions won't support capturing raw 802.11 traffic, and might not support 802.11 capture at all.)

See the CaptureSetup page for instructions on how to capture from WLANs (including monitor mode) and other media.

Discussion

Wi-Fi (last edited 2015-04-16 11:15:32 by EnderWiggin)