Follow these instructions to begin sniffing packets:
1. Start Wireshark by typing the following in the console:
   wireshark &
   Once Wireshark is running, navigate to Capture | Interfaces.
2. Start capturing on the mon0 interface by clicking on the Start button to the right of the mon0 interface as shown in the previous screenshot. Wireshark will begin the capture, and now you should see packets within the Wireshark window.
3. Click on the triangle in front of IEEE 802.11 Wireless LAN management frame to expand and view additional information.
4. Look at the different header fields in the packet and correlate them with the WLAN frame types and sub-types you learned earlier.
We just sniffed our first set of packets off the air! We launched Wireshark, which used the monitor mode interface mon0 we created previously. Wireshark's footer region shows the speed at which packets are being captured and the number of packets captured so far.
Wireshark traces can be a bit daunting at times; even for a reasonably populated wireless network, you could end up sniffing a few thousand packets. Hence, it is important to be able to drill down to those packets that interest us. This can be accomplished using filters in Wireshark. Explore how you can use these filters to identify unique wireless devices in the traces, both access points and wireless clients.
If you are unable to do this, don't worry as this is the next thing we will learn.
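What such a filter does under the hood, as an added example that is not part of the original text: the script decodes the 802.11 frame control field into type and sub-type and collects unique access points and clients from management frames. The sample frames and MAC addresses are constructed, and the frames are assumed to start at the 802.11 header (a real mon0 capture has a radiotap header in front).

```python
import struct

# Frame control (first 2 bytes, little-endian): bits 2-3 = type, bits 4-7 = subtype.
TYPES = {0: "management", 1: "control", 2: "data"}
MGMT = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode type/subtype and, for management frames, the three addresses."""
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {"type": TYPES.get(ftype, "reserved"), "subtype": subtype, "name": None}
    if ftype == 0 and len(frame) >= 24:
        # Management header: addr1 = destination, addr2 = source, addr3 = BSSID
        info.update(name=MGMT.get(subtype, "other-mgmt"), da=mac(frame[4:10]),
                    sa=mac(frame[10:16]), bssid=mac(frame[16:22]))
    return info

def unique_devices(frames):
    """Beacons/probe responses reveal APs; probe/association requests reveal clients."""
    aps, clients = set(), set()
    for frame in frames:
        info = parse_frame(frame)
        if info["name"] in ("beacon", "probe-resp"):
            aps.add(info["bssid"])
        elif info["name"] in ("probe-req", "assoc-req"):
            clients.add(info["sa"])
    return aps, clients

# Constructed sample frames (made-up, locally administered MACs; no radiotap header, no FCS).
AP, STA, BCAST = "021122334455", "02aabbccddee", "ffffffffffff"

def mk(fc0, da, sa, bssid):
    return bytes([fc0, 0, 0, 0]) + bytes.fromhex(da + sa + bssid) + b"\x00\x00"

SAMPLE = [
    mk(0x80, BCAST, AP, AP),          # beacon, seen twice in the trace
    mk(0x80, BCAST, AP, AP),
    mk(0x40, BCAST, STA, BCAST),      # probe request from a client
    bytes([0xD4, 0, 0, 0]) + bytes.fromhex(AP),  # ACK (control), too short for addr2/3
    mk(0x08, AP, STA, AP),            # data frame, ignored by unique_devices
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(parse_frame(f))
    print(unique_devices(SAMPLE))
```

In Wireshark itself, the same split is available with the display filters wlan.fc.type_subtype == 0x08 (beacons) and wlan.fc.type_subtype == 0x04 (probe requests).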