Posts

Understanding Wireless Client Throughput From a Wireshark Capture

Image
I recently created a  video to look at how we understand the data throughput of a wireless client from an over the air Wireshark capture. We take a look at using the I/O Graph feature in Wireshark to achieve this. You can view the video below: References: YouTube video link Metageek Wireshark profile

Wireshark Showing FCS Fields as "Unverified" in Captures

Image
In a recent Wireshark 3.0.6 capture I noticed that FCS values for captured wireless frames were showing as "Unverified". I wasn't sure why this was the case, as I'm sure that Wireshark usually shows a "good" or "bad"  FCS indication. The image below demonstrates what I saw:   After some googling, I found a note that the FCS check was disabled by defaut in Wireshark 3.0.x as some NICs report the FCS check incorrectly.  The following process details how to re-enable the check:  Go to Edit -> Preferences -> Advanced in Wireshark. Enter "wlan.check" in the search bar: Double click on the "False" word for the attribute "wlan.check_checksum". This will toggle it to "True" (make sure you click on the "False" word, not anywhere else on the line).  Hit OK and see the change immediately in your capture decode: Hope this quick note may help someone in the future (...

Wireshark Plugin To Capture Wireless Frames Using a WLANPi (Windows 10)

Image
Want to be able to capture wireless frames via a WLANPi using just Wireshark on your Windows 10 machine? ...And be able to configure the capture configuration on the WLANPi using just Wireshark too?  Read on... (or checkout the video here ) Earlier this year, I put out a command-line script called WLANPiShark that allowed Windows 10 users to configure a WLANPi and initiate a frame capture stream in to Wireshark. Though a little clunky, it worked quite reliably for most of the time and, judging by feedback I received, was quite popular. As Windows users, we've always been the poor cousins to our Apple brethren who are able to use their Macbook to capture over the air using the internal NIC card of their Mac in monitor mode. Getting a low cost adapter that could be put in to monitor mode on a Windows machine was as rare as hen's teeth. Having access to the WLANPi and being able to fire up WLANPiShark opened up wireless capturing to many folks who have to use Wi