I'm trying to use dumpcap to capture 802.11 traces on a Windows machine (using an AirPcap Nx). I need to set the wifi channel, but I haven't been able to get the -k option to work. Should this work? If so, what is the syntax? If not, is there another alternative?
asked 25 Mar '15, 10:06 V Capps
One Answer:
According to the dumpcap code, the wifi channel setting is done through libnl, which is only available for Linux, so it won't work on Windows, and I don't think that libnl supports AirPcap on Linux (if you tried that as well). So, the dumpcap option -k does nothing on a Windows system. You can (probably) set the AirPcap channel on the CLI with a Python script (apc-channel.py), and then run dumpcap afterwards.
You'll probably have to modify the script, as it's doing channel hopping by default. Regards
answered 25 Mar '15, 18:08 Kurt Knochner ♦
Thanks for the info. I'll take a look at the python script and see if I can modify it to work for what I'm trying to do. (25 Mar '15, 20:27) V Capps
A few quick modifications to apc-channel.py, and I now have a python script that sets the AirPcap to the specified channel. Thanks for your help! (25 Mar '15, 21:20) V Capps
You're welcome. Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up). (26 Mar '15, 01:36) Kurt Knochner ♦
Please file a bug report against (26 Mar '15, 07:07) cmaynard ♦♦
Yes, currently -k is Linux-only. Sadly, there do not yet exist libpcap APIs to allow the 802.11 channel to be set in a platform-independent fashion, so Wireshark needs to have its own platform-dependent code to do that, and that code has only been written for Linux so far. (26 Mar '15, 14:27) Guy Harris ♦♦
I also tried this on a Mac and couldn't get the -k option to work on that, either.
Some questions
I've tried Wireshark 1.12.3 and 1.12.4.
I was running dumpcap from the cmd prompt so I could use the ringbuffer option, but I've simplified the options while trying to get -k working. The AirPcap is interface 1.
When I enter the following, nothing happens, and I immediately get a cmd prompt back: dumpcap -i 1 -k 2427,HT20 -w test.pcap
If I leave out the "-k 2427,HT20" part, it says, "Capturing on 'AirPcap USB wireless capture adapter nr. 00'", etc. and proceeds to capture packets as expected.
I've tried several different things for the -k syntax, but they all just return without doing anything. Or, if I use something like "-k 2427" (with no comma), I get the error, "dumpcap: 1: Failed to init ws80211: Operation not permitted".