I'm doing some analysis on a Wireshark network trace. How can I find the connection type of the underlying network (e.g., wireless)? Is it possible to obtain this information from packet analysis? Thanks in advance. Lasith.
asked 07 Sep '13, 07:21 Lasith Erand...
One Answer:
You could take a look at the lowest layer you find in the trace - if there's an 802.11 radio layer it's most certainly wireless. If there's an Ethernet layer, it's (in most cases) Ethernet. If there's TokenRing, it's TokenRing. But you can also take a look at the Summary option in the Statistics menu, and look at the "Encapsulation" that is mentioned.
answered 07 Sep '13, 07:41 Jasper ♦♦
From your comments I was able to find that packets are sent through Ethernet. But my network connection is a wireless one. How can I distinguish whether the network is wired or wireless?
If you captured the frames on Windows and did not use the AirPcap adapter you will only be able to capture from the Ethernet layer up, and it will look like it was just a wired Ethernet trace. I'm not sure if there is any way to tell from that kind of trace that it was actually a wireless connection - maybe if you saved the file in PCAPng format you can tell from the interface name that is also mentioned in the Statistics, but that once again won't help on Windows (because it is using GUIDs that won't tell you much unless you have access to the PC the trace was captured on).
The same also applies on most UN*Xes if you're not capturing in monitor mode.
So you'd either have to look for protocols used by Wi-Fi devices (e.g., by access points) or look for something such as packet loss patterns that are more likely on Wi-Fi than Ethernet. (I don't have any suggestions to make for either of those cases.)
How did you capture the Wi-Fi traffic?
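The two checks discussed in this thread (the recorded encapsulation, and the interface name stored in a pcapng file) can also be read straight from the capture file header. The following is an added example, not code from the thread or from Wireshark; the function names and the sample bytes are constructed for illustration, and it assumes a pcapng file with a single section.

```python
import struct

# Subset of the LINKTYPE_ registry; these are the values Wireshark reports as "Encapsulation".
LINKTYPES = {1: "Ethernet", 6: "Token Ring", 105: "IEEE 802.11",
             127: "IEEE 802.11 + radiotap"}

def link_name(lt):
    return LINKTYPES.get(lt, f"LINKTYPE {lt}")

def if_name(data, pos, stop, end):
    """Walk IDB options and return if_name (option code 2), or None."""
    while pos + 4 <= stop:
        code, length = struct.unpack_from(end + "HH", data, pos)
        if code == 0:                      # opt_endofopt
            break
        if code == 2:
            return data[pos + 4:pos + 4 + length].decode("utf-8", "replace")
        pos += 4 + (length + 3) // 4 * 4   # option values are padded to 32 bits
    return None

def capture_interfaces(data):
    """Return [(encapsulation, interface name or None)] for pcap or pcapng bytes."""
    magic = data[:4]
    for end, magics in (("<", (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")),
                        (">", (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"))):
        if magic in magics:                # classic pcap: link type at offset 20
            return [(link_name(struct.unpack_from(end + "I", data, 20)[0] & 0xFFFF), None)]
    if magic != b"\x0a\x0d\x0d\x0a":
        raise ValueError("not a pcap or pcapng file")
    end = "<" if data[8:12] == b"\x4d\x3c\x2b\x1a" else ">"   # byte-order magic
    found, pos = [], 0
    while pos + 12 <= len(data):
        btype, blen = struct.unpack_from(end + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            break                          # truncated or corrupt block
        if btype == 1:                     # Interface Description Block
            lt = struct.unpack_from(end + "H", data, pos + 8)[0]
            found.append((link_name(lt), if_name(data, pos + 16, pos + blen - 4, end)))
        pos += blen
    return found

# Constructed sample: little-endian pcapng with one Section Header Block and one
# Interface Description Block (link type 1, if_name "wlan0").
SAMPLE_PCAPNG = (
    struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)
    + struct.pack("<IIHHIHH8sHHI", 1, 36, 1, 0, 65535, 2, 5, b"wlan0", 0, 0, 36))

if __name__ == "__main__":
    print(capture_interfaces(SAMPLE_PCAPNG))
```

The sample reports Ethernet encapsulation alongside the interface name "wlan0", which is the situation described in the comments: the link type alone makes the trace look wired, and only the stored interface name hints otherwise. A classic pcap file has no interface name field, so the second element is None there.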