Monday, 17 February 2014

WLAN Packet Capture - Wi-Fi Filter Categories in Wireshark

Wireshark has an expression builder to help you build filter expressions, either to filter out the frames that you don't want to see or to select the frames you would like to view.

At first glance, the categories are pretty overwhelming due to the fantastic array of protocols that Wireshark can decode for us. I certainly had to dig around a little the first time I looked through the list before I found the Wi-Fi-related categories.

I thought it might be useful to list the categories (that I have found so far!) that relate to Wi-Fi traffic. Here is the list, together with a brief description of each one:
  • 802.11MGT - IEEE 802.11 Wireless LAN management frame
  • 802.11MGT - Radiotap - IEEE 802.11 Radiotap Capture Header
  • IEEE 802.11 - IEEE 802.11 wireless LAN
  • IEEE 802.11 Aggregate Data - IEEE 802.11 wireless LAN aggregate frames
  • Wi-Fi P2P - Wi-Fi Peer-to-Peer