- Cisco Employee,
In order to understand how and why 802.11 (WiFi) devices behave as they do, it is invaluable to perform a wireless packet capture ("sniffer".) This can be especially important when working with Cisco TAC to resolve a technical problem. The following articles will help you to choose and use a wireless sniffer.
- Fundamentals of Wireless Sniffing - some important guidelines
- Wireless Sniffing using a Mac with OS X 10.6 and above
- Wireless Sniffing with Windows 7 with Netmon 3.4
- Collecting a wireless sniffer trace using the Cisco Lightweight AP in Sniffer mode
- OmniPeek Remote Assistant
To analysis these captures, refer to the links below, they are designed to be read in order since each document will build upon the preceding document. Bear in mind that when reading any wireless trace, its a good idea to understand the 802.11 Wireless specifications. While these documents will do a great job at helping you understand the packet flow and what to look for in a wireless trace, they are not meant to teach the 802.11 Wireless specifications.
- 802.11 - Physical Layer
- 802.11 - Wireshark filtering
- 802.11 - Management Frames and Open Authentication
- 802.11 - WPA/WPA2 with PSK or EAP Authentication
- 802.11 - Multicast
- 802.11 - Web Authentication
Here is a reference to the Wikipedia article on the 802.11 specifications: IEEE 802.11 Standards