Hi, we are planning to use Wireshark to display Wi-Fi packets which are captured by an external Wi-Fi sniffer board. The board itself has a USB connection which is recognized as a COM port on the PC. Can someone help us get started? Thanks.

asked 09 Mar '16, 04:47 lhend
One Answer:
You'll likely have to look at writing an extcap plugin. extcap allows an external capturing process to feed the captured traffic into Wireshark. There's the original SharkFest presentation about extcap here, the extcap man page here and in the Wireshark source\doc directory there's README.extcap. The last item is probably the most up-to-date resource.

answered 09 Mar '16, 05:30 grahamb ♦
The first thing I would ask myself before even obtaining such a board is what transmission speed of the "serial port" its USB part supports. While currently supported WiFi aerial bitrates are in the tens of Mbps, USB 2.0 has a maximum bitrate of 480 Mbps which actually means about 280 Mbps, but this mode usually doesn't come together with the serial ("com") port model, so you may find yourself limited to a 12 Mbps theoretical rate which effectively means about 8.
Unless you can download the data faster than you capture them, you'd have to have a lot of RAM on the board and still its size would set a limit to your captures' size/duration.
If the board's USB interface could behave as a gigabit Ethernet over USB 3.0, that would be a completely different story - no bottleneck and much simpler software interface as you could feed such a GbE interface with the frames captured on WiFi augmented with a simple encapsulation header and capture them using the standard libpcap/WinPcap, rather than deploying the extcap model.
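
A skeleton of the extcap approach suggested in the answer above, as an added example that is not part of the original thread or of Wireshark's own code. The interface name `wifiboard`, the `COM3` port and the board's framing (each 802.11 frame preceded by a 2-byte big-endian length) are assumptions; the port is read as a plain file, where a real tool would configure the serial line first.

```python
# Added example: minimal extcap program that turns a length-prefixed serial
# stream (assumed framing: <2-byte big-endian length><802.11 frame>) into pcap.
import argparse, struct, sys, time

DLT_IEEE802_11 = 105  # LINKTYPE_IEEE802_11: bare 802.11 frames, no radiotap header
PORT = "COM3"         # assumed serial port of the sniffer board

def pcap_global_header(dlt):
    # Fields: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, dlt)

def pcap_record(frame, ts=None):
    ts = time.time() if ts is None else ts
    sec = int(ts)
    return struct.pack("<IIII", sec, int((ts - sec) * 1_000_000), len(frame), len(frame)) + frame

def read_frames(stream):
    while len(hdr := stream.read(2)) == 2:   # stops cleanly at EOF
        (n,) = struct.unpack(">H", hdr)
        frame = stream.read(n)
        if len(frame) < n:
            return  # truncated final frame: do not emit a corrupt record
        yield frame

def pump(stream, out, ts=None):
    out.write(pcap_global_header(DLT_IEEE802_11))
    count = 0
    for frame in read_frames(stream):
        out.write(pcap_record(frame, ts))
        out.flush()  # Wireshark reads the FIFO live
        count += 1
    return count

def main(argv):
    p = argparse.ArgumentParser()
    for flag in ("--extcap-interfaces", "--extcap-dlts", "--extcap-config", "--capture"):
        p.add_argument(flag, action="store_true")
    p.add_argument("--extcap-interface")
    p.add_argument("--fifo")
    a, _ = p.parse_known_args(argv)  # ignore options this skeleton does not handle
    if a.extcap_interfaces:
        print("interface {value=wifiboard}{display=Wi-Fi sniffer board (serial)}")
    elif a.extcap_dlts:
        print("dlt {number=105}{name=IEEE802_11}{display=IEEE 802.11}")
    elif a.capture and a.fifo:
        with open(PORT, "rb") as dev, open(a.fifo, "wb") as out:
            pump(dev, out)

if __name__ == "__main__":
    main(sys.argv[1:])
```

Record timestamps here are host arrival times, so they include the serial-link delay rather than on-air timing.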