All, I am trying to debug a custom device and I followed the very helpful instructions here http://www.algissalys.com/network-security/passive-packet-sniffing-on-wifi-connections to get going. I now have several capture files, but am struggling to figure out what they mean. What I have figured out is that the data from my device to the cloud is probably encapsulated in QoS Data packets but I am having a hard time figuring out all of the intricacies of how these packets (and groups of packets) are to be interpreted. Can you please point me to a good primer that will help me learn how to interpret these packets? Thank you. asked 26 Jul '17, 16:43 groston |
One Answer:
I'd start here: http://shop.oreilly.com/product/9780596100520.do This is Gast's 802.11 book and it is pretty good. It will describe in some detail 802.11 and the protocols in use. For Wireshark analysis, you could probably skip some of the real low level stuff about modulation as you are looking at 802.11 frames and how they interact. Of course, the 802.11 specification is useful as well but I find it a tough read. It's available for free from IEEE. It can be found here: https://standards.ieee.org/about/get/802/802.11.html You probably want to have it at least for a reference. Analysis comes up here on this site, but it is usually very detailed when someone posts a trace or something so certainly search here for 802.11 questions and answers, but it is not a tutorial. I am not sure if some of the Wireshark training that is available publicly (Laura Chappell et al) includes 802.11 or not, but it is worth asking. Maybe they can make a class for you or something. answered 27 Jul '17, 02:41 Bob Jones |
@Bob Jones = I have that same book! It is a great book for WiFi! Not so great on the latest technologies (like 11ac), but as you indicated, that is what the specs are for. :)
There's a 3rd edition due out in March next year, and the same author has an 802.11ac book as well (I don't have any of the books :-( but might have to buy one soon).