I want to capture the 802.11b packets with bad CRC. Actually, I am sending the packets from some terminal A to terminal B and creating self-defined interference to toggle the bitstream of the packets so that the CRC may not pass. I want to capture those packets for analysis purposes. Any help would be greatly appreciated.

Nadeem
SEECS, NUST

asked 04 May '11, 11:11 Nadeem
3 Answers:
If you're on a Windows host, consider using the AirPcap adapter for capture and setting it to "invalid frames" in the FCS filter setup in either the AirPcap Control Panel or the Capture Options Wireless Settings.

answered 04 May '11, 14:00 lchappell ♦
The solution is to capture in monitor mode; fortunately, Linux does a pretty good job of supporting monitor mode. You may need to capture on a machine other than terminal A or B; that machine must have an 802.11 adapter (which does not have to be an AirPcap adapter - AirPcap adapters aren't supported on any OS other than Windows).

If the Wireshark dialog box that pops up if you select "Options" from the "Capture" menu has a "Capture packets in monitor mode" checkbox, select your 802.11 adapter in the "Interface" box; that should make the "Capture packets in monitor mode" checkbox active. Check it, and then start the capture. (You will need to run Wireshark 1.4.x or one of the builds from the trunk to get that dialog box. Unfortunately, from a quick look at pkg.fedora.org, Fedora 12 comes with Wireshark 1.2.x.)

Otherwise, you'll have to put the adapter into monitor mode by hand. The easiest way to do that is probably with airmon-ng. This might create a new network interface, e.g. "mon0", on which you'd do the capturing.

answered 05 May '11, 16:35 Guy Harris ♦♦
Thanks. But in monitor mode, Wireshark captures packets from all the SSIDs in range. I don't want to do this, and want to use promiscuous mode so that I get only what is communicated through one SSID. Second, the question still remains: how would I know that the packet is not a retransmitted one and is actually the corrupt packet? Because I have to do a correspondence between the originally sent packet and the received corrupted packet.

answered 08 May '11, 00:19 Nadeem
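For the correspondence problem raised in the reply above, here is an added example that is not part of the original thread: it recomputes the 802.11 FCS (CRC-32) on a captured frame, reads the Retry flag from the Frame Control field, and matches a damaged capture to the closest sent frame by counting differing bits. It assumes frames are available as raw bytes with the radiotap header removed and the FCS still attached; the function names and sample frames are constructed for illustration.

```python
import struct
import zlib

RETRY = 0x08  # Retry flag in the second Frame Control byte

def build_frame(seq, payload, retry=False):
    """Constructed 802.11 data frame (no radiotap header) with FCS appended."""
    hdr = bytes([0x08, RETRY if retry else 0x00]) + b"\x00\x00"  # frame control, duration
    hdr += bytes.fromhex("020000000002020000000001020000000003")  # made-up RA, TA, BSSID
    hdr += struct.pack("<H", seq << 4)  # sequence control, fragment 0
    return hdr + payload + struct.pack("<I", zlib.crc32(hdr + payload))

def fcs_ok(frame):
    """Recompute the CRC-32 over everything before the 4-byte FCS."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]

def flipped_bits(sent, captured):
    """Bit offsets that differ, ignoring the Retry flag and the FCS field."""
    a, b = bytearray(sent[:-4]), bytearray(captured[:-4])
    a[1] &= 0xFF ^ RETRY
    b[1] &= 0xFF ^ RETRY
    return [i * 8 + bit for i, (x, y) in enumerate(zip(a, b))
            for bit in range(8) if ((x ^ y) >> bit) & 1]

def classify(sent_frames, captured):
    """Return (kind, index of closest sent frame, flipped bit offsets)."""
    same_len = [s for s in sent_frames if len(s) == len(captured)]
    if not same_len:
        return "unmatched", None, []
    # A bad-FCS header may itself be damaged, so match on bit distance,
    # not on the sequence number read from the capture.
    best = min(same_len, key=lambda s: len(flipped_bits(s, captured)))
    if not fcs_ok(captured):
        kind = "corrupted"
    else:
        kind = "retransmission" if captured[1] & RETRY else "original"
    return kind, sent_frames.index(best), flipped_bits(best, captured)

if __name__ == "__main__":
    sent = [build_frame(100, b"hello from A #0"), build_frame(101, b"hello from A #1")]
    damaged = bytearray(sent[1])
    damaged[30] ^= 0x08  # one payload bit toggled by interference (constructed)
    print(classify(sent, build_frame(100, b"hello from A #0", retry=True)))
    print(classify(sent, bytes(damaged)))
```

A clean retransmission differs from the first transmission only in the Retry flag and the FCS, so it reports no flipped bits; a frame hit by interference fails the FCS check and lists the bit offsets that changed.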
What platform are you running? Windows, Linux, something else?
I am using Fedora 12 and do not have an AirPcap adapter. Now what is the solution?