Follow the following instructions to begin sniffing packets:
- Power up the Access Point Wireless Lab that we configured in Chapter 1, Wireless Lab Setup.
- Start Wireshark by typing
Wireshark &in the console. Once Wireshark is running, navigate to Capture | Interfaces.
- Select packet capture from the
mon0interface by clicking on the Start button to the right of themon0interface as shown in the previous screenshot. Wireshark will begin the capture, and now you should see packets within the Wireshark window.
- These are wireless packets that your wireless adapter is sniffing off the air. In order to view any packet, select it in the top window and the entire packet will be displayed in the middle window.
Click on the triangle in front of IEEE 802.11 Wireless LAN management frame to expand and view additional information.
Look at the different header fields in the packet and correlate them with the WLAN frame types and sub-types you have learned earlier.
We just sniffed out first set of packets off the air! We launched Wireshark, which used the monitor mode interface mon0 we created previously. You should notice, by looking at Wireshark's footer region, the speed at which the packets are being captured and also the number of packets captured till now.
Wireshark traces can be a bit daunting at times; even for a reasonably populated wireless network, you could end up sniffing a few thousand packets. Hence, it is important to be able to drill down to those packets that interest us. This can be accomplished using filters in Wireshark. Explore how you can use these filters to identify unique wireless devices in the traces– both access points and wireless clients.
If you are unable to do this, don't worry as this is the next thing we will learn.