Wireless Analysis Resources

Wireless traffic capture and analysis can be a tricky business and is often seen as something of a dark art to newcomers to the world of Wi-Fi. There are a huge variety of options when considering how to capture wireless traffic over the air, with many of the solutions being paid-for options that may be out of reach for many individuals.

Many people approaching wireless analysis may already be familiar with Wireshark, based on their previous experience on wired networks, where they may have used it for troubleshooting and analysis purposes.  They may wonder if they can use Wireshark for their initial foray into wireless analysis.  Using Wireshark for wireless capture and analysis on Wi-Fi networks can be a little tricky and presents the newcomer with a whole new slew of frame types to learn.

There are many good articles, videos and podcasts out there looking at wireless analysis, particularly if Wireshark is your tool of choice. I thought it would be good to pull them together in one place to make it easier for the newcomer to find the resources they may need. I've grouped together various resources below that will hopefully help those on their Wireshark/wireless analysis journey.

Please let me know if you have other resources that you find or have found useful yourself (wifinigel@gmail.com)

Wireless Capture:

• WiFiNigel - (Blog/Video) - Understanding Wireless Client Throughput From a Wireshark Capture
• Eddie Forero - (Video) -  Ep. 004: PCAP'n with Eddie! Multi Channel Wireless Packet Capture on the LINUX!
• Eddie Forero - (Video) - Ep. 003: PCAP'n with Eddie! - Multi-channel Captures in Windows
• WiFiNigel - (Blog) Wireshark Plugin To Capture Wireless Frames Using a WLANPi (Windows 10)
• Adrian Granado - (GitHub) - Cross platform Wireshark plugin for Wireless Capture using a WLANPi (wlan-extcap)
• Eddie Forero - (Video) Ep 001: PCAP'n with Eddie!: How to do a Wireless Packet Capture on the Mac
• Eddie Forero - (Video) Ep. 002: PCAP'n w/ Eddie! - Wireless packet capture on the Windows!
• Eddie Forero: (Blog) Options for Wireless Packet Capture in Windows
• WiFiHax: (Blog) Wireshark 3.0 - Raw Wireless Capture in Windows
• WifiNigel: (Blog) What are Radio Tap Headers?  
• WiFiNigel:(Blog) WLANPiShark: Wireless Capture With a WLANPi on Windows
• WiFiNigel: (Blog): Wireshark Capture Filters for 802.11 
• Revolution Wi-Fi:  Wireshark WLAN Traffic Statistics and IO Graphs
• SemFio Networks: (Blog): Wireshark - Most Common 802.11 Display Filters
• WLAN Pros: (Blog) 802.11 Wireshark Filters Chart
• Zeeshan Haider: (Blog) Wireshark Display Filters  
• WiFiNinjas: (Blog) Wireshark Filters
• Packet-Foo: (Blog): Wireless Capture on Windows  
• Andrew McHale (Video): Voice Traffic Protocol Analysis 
• Revolution Wi-Fi (Blog): Using Wireshark Coloring Rules to Enhance Wi-Fi Protocol Analysis
• Revolution Wi-Fi (Blog): Wi-Fi roaming analysis using Wireshark
• Jim Vajda (Blog):  Roaming Analysis using only a Mac and Wireshark

Wireshark Customization:

• Eddie Forero:(Video) SharkTIPS! My Favorite Wireshark Customizations (Part 1)
• Eddie Forero: (Video) WiFiShark Fu | Eddie Forero | WLPC Phoenix 2019
• WiFiNigel: (Blog) WLAN Packet Capture - Frame Colorization in Wireshark
• WiFiNigel:(Blog) Wireshark Custom Columns For Wireless Captures 
• Metageek/Joel Crane (Blog): Import Eye P.A. Coloring Rules for Wireshark
• Metageek/Joel Crane (Blog): Wireshark Configuration Profile

Wireless Analysis Podcasts:

• WN Podcast 017 – Protocol Analysis Talk with Peter MacKenzie – Part 1 
• WN Podcast 018 – Protocol Analysis Talk with Peter MacKenzie – Part 2
•  CTS 047: Troubleshooting WiFi With Wireshark

CWAP Study Notes:

• MRN-CCIEW: (Blogs): My CWAP Study Notes 
• WiFiNigel: (Blog): CWAP Study Notes Files 

Books:

• CWAP Study Guide (Classic edition)
• CWAP Study Guide (Current)

Paid-for Online Training:

• (InformIT) Wireshark for Wireless LANs LiveLessons

Online (Cloud) Capture Analysis Tools:

• Arista Packets : https://packets.arista.com