This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does dumpcap’s -k option work in Windows (using AirPcap)?

0

I'm trying to use dumpcap to capture 802.11 traces on a Windows machine (using an AirPcap Nx). I need to set the wifi channel, but I haven't been able to get the -k option to work. Should this work? If so, what is the syntax? If not, is there another alternative?

asked 25 Mar '15, 10:06

V Capps

I also tried this on a Mac and couldn't get the -k option to work on that, either.

(25 Mar '15, 15:41) V Capps

Some questions

  • what is your Wireshark version
  • how did you start dumpcap (all CLI options)
  • what is the dumpcap behavior
(25 Mar '15, 16:48) Kurt Knochner ♦

I've tried Wireshark 1.12.3 and 1.12.4.

I was running dumpcap from the cmd prompt so I could use the ringbuffer option, but I've simplified the options while trying to get -k working. The AirPcap is interface 1.

When I enter the following, nothing happens, and I immediately get a cmd prompt back: dumpcap -i 1 -k 2427,HT20 -w test.pcap

If I leave out the "-k 2427,HT20" part, it says, "Capturing on 'AirPcap USB wireless capture adapter nr. 00'", etc. and proceeds to capture packets as expected.

I've tried several different things for the -k syntax, but they all just return without doing anything. Or, if I use something like "-k 2427" (with no comma), I get the error, "dumpcap: 1: Failed to init ws80211: Operation not permitted".

(25 Mar '15, 17:38) V Capps

One Answer:

1

According to the dumpcap code, the wifi channel setting is done through libnl, which is only available for Linux, so it won't work on Windows, and I don't think that libnl supports AirPcap on Linux (if you tried that as well). So, the dumpcap option -k does nothing on a Windows system.

You can (probably) set the AirPcap channel on the CLI with a Python script (apc-channel.py), and then run dumpcap afterwards.

http://blog.didierstevens.com/2008/06/10/quickpost-wifi-channel-hopping-with-an-airpcap-adapter/

You'll probably have to modify the script, as it's doing channel hopping by default.

Regards
Kurt

answered 25 Mar '15, 18:08

Kurt Knochner ♦

Thanks for the info. I'll take a look at the python script and see if I can modify it to work for what I'm trying to do.

(25 Mar '15, 20:27) V Capps

A few quick modifications to apc-channel.py, and I now have a python script that sets the AirPcap to the specified channel. Thanks for your help!

(25 Mar '15, 21:20) V Capps

You're welcome.

Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).

(26 Mar '15, 01:36) Kurt Knochner ♦

Please file a bug report against dumpcap -k. If an option doesn't work, then it should either be made to work as expected, or it should be removed from being listed and accepted on platforms where it doesn't work.

(26 Mar '15, 07:07) cmaynard ♦♦

Yes, currently -k is Linux-only. Sadly, there do not yet exist libpcap APIs to allow the 802.11 channel to be set in a platform-independent fashion, so Wireshark needs to have its own platform-dependent code to do that, and that code has only been written for Linux so far.

(26 Mar '15, 14:27) Guy Harris ♦♦
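
The workaround from the answer (set the AirPcap channel from a script, then run dumpcap without -k), as an added example; it is not apc-channel.py and not code posted by anyone in this thread. It assumes airpcap.dll exports AirpcapOpen, AirpcapSetDeviceChannel and AirpcapClose as declared in the AirPcap developer's pack, that the first adapter is named \\.\airpcap00, and that the channel stays set after the handle is closed; the helper names are hypothetical.

```python
import ctypes
import subprocess
import sys

AIRPCAP_ERRBUF_SIZE = 512  # assumed size of the error buffer AirpcapOpen fills


def freq_to_channel(mhz):
    """Map an 802.11 centre frequency in MHz to its channel number."""
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472 and (mhz - 2407) % 5 == 0:
        return (mhz - 2407) // 5
    if 5180 <= mhz <= 5825 and mhz % 5 == 0:
        return (mhz - 5000) // 5
    raise ValueError("not a 2.4/5 GHz channel centre frequency: %r" % mhz)


def set_airpcap_channel(channel, device=r"\\.\airpcap00"):
    """Tune one AirPcap adapter to a fixed channel (Windows, needs airpcap.dll).

    Only the channel number is set; channel width (HT20/HT40) is not handled.
    """
    dll = ctypes.CDLL("airpcap.dll")  # assumption: cdecl exports
    dll.AirpcapOpen.restype = ctypes.c_void_p  # handle is a pointer (64-bit safe)
    dll.AirpcapOpen.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    dll.AirpcapSetDeviceChannel.argtypes = [ctypes.c_void_p, ctypes.c_uint]
    dll.AirpcapClose.argtypes = [ctypes.c_void_p]
    errbuf = ctypes.create_string_buffer(AIRPCAP_ERRBUF_SIZE)
    handle = dll.AirpcapOpen(device.encode("ascii"), errbuf)
    if not handle:
        raise OSError("AirpcapOpen failed: " + errbuf.value.decode(errors="replace"))
    try:
        if not dll.AirpcapSetDeviceChannel(handle, channel):
            raise OSError("AirpcapSetDeviceChannel(%d) failed" % channel)
    finally:
        dll.AirpcapClose(handle)


def dumpcap_argv(interface, outfile):
    """dumpcap command line without -k; the channel has already been set."""
    return ["dumpcap", "-i", str(interface), "-w", outfile]


if __name__ == "__main__":
    # usage: python set_channel_then_capture.py 2427 1 test.pcap
    mhz, iface, outfile = int(sys.argv[1]), sys.argv[2], sys.argv[3]
    set_airpcap_channel(freq_to_channel(mhz))
    sys.exit(subprocess.call(dumpcap_argv(iface, outfile)))
```

Other dumpcap options, such as the ring buffer settings mentioned in the question, can be appended to the list returned by dumpcap_argv.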