This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture 802.11ac packets with wireshark?

0

Hi! I am new to wireshark and I am curently trying to figure out if there is any modification that needs to be done to the source code in order to capture and analyze 802.11ac packets. I found something on the internet about some VHT radiotaps that need to be added. Also, I suppose I need a capture card in order to be able to use wireshark on 802.11ac right? Thanks!

asked 30 Oct '12, 07:17

mikidi's gravatar image

mikidi
1112
accept rate: 0%


One Answer:

2

I found something on the internet about some VHT radiotaps that need to be added.

Fortunately, radiotap was designed to be extensible in a fashion that allows programs unaware of new features to still handle the old stuff. If Wireshark doesn't know about the new VHT fields, it will still be able to handle 802.11ac packets, it just won't show the information in those fields, so, while it would be a Good Thing if Wireshark's radiotap dissector were to be enhanced to handle those fields, it's not an immediate requirement.

Also, I suppose I need a capture card in order to be able to use wireshark on 802.11ac right?

On Windows, yes, unless you only want to capture traffic to and from the host running Wireshark. On Linux/*BSD/OS X, you'd obviously need a network adapter that supports 802.11ac, but if you have a machine that already has such an adapter, that would be sufficient - you don't need a separate adapter for capturing (unless you want to remain associated to a wireless network while capturing in monitor mode and the driver and OS don't support that, but that's not an issue specific to ac).

Wireshark might have to be modified to handle any changes to the 802.11 frame format for 802.11ac, such as the new type and subtype values in the copy of Draft 10 that I have.

answered 30 Oct '12, 12:46

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%