I have been successful in capturing wireless traffic in monitor mode using the tcpdump -ni option and even decrypting the WEP traffic, using Wireshark, on my network that I was monitoring. But my router was configured to the AUTO option for the channel. While capturing in this mode, I am able to see various other traffic along with mine. How do I capture traffic from only the AP that I want to monitor and also monitor a particular channel of it?

Thanks in advance,
Kartz

asked 26 Nov '13, 22:52 Kartzoft
edited 26 Nov '13, 22:53
One Answer:
You could use capture filters to isolate the traffic to/from a particular AP. The example provided on the Wireshark Wi-Fi wiki page is:
For more information on the capture filter syntax, refer to the pcap-filter man page.

As for monitoring a particular channel, from the Wireshark WLAN Capture Setup wiki page:

Put the card into monitor mode with the command ifconfig interface monitor. You can also set the channel to monitor by adding the argument channel channel_number to that command.

Refer to the wiki page for more details.

answered 29 Nov '13, 08:32 cmaynard ♦♦
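As an added illustration (not part of the original answer), the sketch below shows what isolating one AP's traffic involves at the frame level: the BSSID sits in a different 802.11 address field depending on the ToDS/FromDS bits, so a filter for one AP has to check the right field per frame. The frames and MAC addresses are constructed, and the input is assumed to be raw 802.11 frames with any radiotap header already removed.

```python
# Added example: the frames and MAC addresses below are constructed.
AP, OTHER_AP = "02:00:00:00:00:01", "02:00:00:00:00:02"
STA, PEER, BCAST = "02:00:00:00:00:10", "02:00:00:00:00:20", "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def bssid_of(frame):
    """Return the BSSID of a raw 802.11 frame (no radiotap header), or None."""
    if len(frame) < 24:              # short control frames (ACK, CTS) carry no BSSID
        return None
    ftype = (frame[0] >> 2) & 0x3    # 0 = management, 1 = control, 2 = data
    if ftype not in (0, 2):
        return None
    to_ds, from_ds = frame[1] & 0x01, (frame[1] >> 1) & 0x01
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0 or (not to_ds and not from_ds):
        return mac(a3)               # management frames and ad hoc data
    if to_ds and not from_ds:
        return mac(a1)               # station -> AP: receiver is the AP
    if from_ds and not to_ds:
        return mac(a2)               # AP -> station: transmitter is the AP
    return None                      # ToDS and FromDS both set: 4-address (WDS) frame

def filter_by_ap(frames, bssid):
    """Keep only the frames whose BSSID matches the AP being monitored."""
    return [f for f in frames if bssid_of(f) == bssid.lower()]

def build(fc0, flags, a1, a2, a3):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    # frame control (2) + duration (2) + three addresses (18) + sequence control (2)
    return bytes([fc0, flags, 0, 0]) + raw(a1) + raw(a2) + raw(a3) + b"\x00\x00"

FRAMES = [
    build(0x80, 0x00, BCAST, AP, AP),              # beacon from the monitored AP
    build(0x08, 0x01, AP, STA, PEER),              # data, station -> AP (ToDS)
    build(0x08, 0x02, STA, AP, PEER),              # data, AP -> station (FromDS)
    build(0x80, 0x00, BCAST, OTHER_AP, OTHER_AP),  # beacon from a neighbouring AP
    build(0x08, 0x01, OTHER_AP, PEER, STA),        # data sent to the neighbouring AP
]

if __name__ == "__main__":
    for f in filter_by_ap(FRAMES, AP):
        print(bssid_of(f), f.hex())
```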