This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

Wi-Fi (WLAN, IEEE 802.11)

Wi-Fi, or IEEE 802.11, is the standard for wireless LANs, or WLANs. The abbreviation Wi-Fi stands for Wireless Fidelity, and resembles the Hi-Fi acronym. It represents a whole collection of protocols within the same family of Ethernet and Token Ring.

It is specified by [http://standards.ieee.org/getieee802/802.11.html various IEEE 802.11 specifications].

IEEE 802.11 sends network packets from the sending host to one (["Unicast"]) or more (["Multicast"]/["Broadcast"]) receiving hosts.

The 802.11 protocols specify a wireless shared network, which means that the maximum bandwidth is only available to one user at a time.

/!\ See the ["CaptureSetup/WLAN"] page for instructions how to capture from WLAN's (including monitor mode), and see the CaptureSetup page for general information on capturing on WLAN's and other media.

802.11 Standards

The basic 802.11 standards are:

Some additional 802.11 standards are:

History

XXX - add a brief description of 802.11 history

802.11 vs. "fake Ethernet" captures

When capturing with Wireshark (or other tools using libpcap/WinPcap, such as TcpDump / WinDump) there are two ways in which 802.11 can be supplied by the system and stored in a capture file:

Detailed information about how to capture 802.11 traffic can be found at the ["CaptureSetup/WLAN"] page.

Protocol dependencies

Example traffic

One ICMP Ping Request and response session from Station(STA1 to station(STA2) via Access point(AP)BR ICMP ECHO requestBR

ICMP ECHO ResponseBR

XXX - Add example traffic here (as Wireshark screenshot).

Wireshark

The 802.11 dissector is fully functional.

Capturing 802.11 traffic can be tricky, see CaptureSetup page for instructions how to capture from WLAN's (including monitor mode) and other media.

Preference Settings

(XXX add links to preference settings affecting how 802.11 is dissected).

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of 802.11 display filter fields can be found in the [http://www.wireshark.org/docs/dfref/w/wlan.html display filter reference]

Capture Filter

Note that older versions of libpcap won't support "wlan" - you might have to use "ether" or "link" on those versions. (Those versions won't support capturing raw 802.11 traffic, and might not support 802.11 capture at all.)

See CaptureSetup page for instructions how to capture from WLAN's (including monitor mode) and other media.

Discussion