Wireshark – Mac-WiFi

10 November 2022

How to use WLANPi as a capture adapter in Wireshark 4.x on Windows

This is a very quick article to help anyone trying to setup the WLANPi as a capture adapter in Wireshark 4. I only tried it with the WLANPi Pro and Wireshark 4.0.1 on my Windows 10 laptop, so apologies if your experience differs, but I’m hoping this post contains enough info to get you started if you’ve never done this before.

This post also assumes your WLANPi has an IP address and you can SSH to it from the Wireshark laptop. It may be possible to connect to the WLAN using the USB-OTG or some other means but I’ve not tested it and will only be looking at the SSH method here.

10 September 202110 September 2021

Why are my Wireshark Neighbor Report filters broken?

Just a short post to inform people that Wireshark have deprecated the filter ‘wlan.rm’ (which I presume stood for Radio Measurement) and moved the subfilters into ‘wlan.fixed’. This happened in Wireshark version 3.2.10.

For Neighbor Report Requests this is the change:
Old: wlan.rm.action_code == 4
New: wlan.fixed.action_code == 4

For Neighbor Report Responses this is the change:
Old: wlan.rm.action_code == 5
New: wlan.fixed.action_code == 5

8 April 2021

How to verify whether 802.11k and 11r are enabled (via a capture)

I was chatting with my old colleague and friend Vince Folk from Vocera recently when he challenged me to name the Information Elements you would find 802.11k/r settings in.

Immediately my smugness shot to Maximum because this is something I’m very familiar with, you might even have seen my WLPC EU 2019 video analysing 802.11k/r/v. However, as the biotic hamsters in my dusty shell of a skull scurried around trying to find the grey matter holding this information my smugness waned.

When Vince finally put me out of my misery the IE names did not ring a bell with me. Not a single one! So the only reasonable course of action was to blog about it, to cement it into the aforementioned grey matter, and hopefully help someone else out too.

19 November 202019 November 2020

VoIP QoS List

Every now and again someone asks what QoS Access Category (AC) a particular application uses, usually to see if a VoIP application is tagging its packets correctly. I recently checked this out for two differnt applications so thought I’d start a record of what I find.

19 November 2020

WLANPi Wireshark sshdump error

I wanted to use the WLANPi as a remote Wireshark capture adapter for the first time recently so I got stuck in. However, I hit an error that returned very little information when I googled it. Once I’d been shown the resolution I figured I’d document it here to help others (and no doubt myself when this happens again).

30 August 201815 October 2018

Finding Neighbor Reports in a Wireshark capture

I was looking through a ~~packet~~ frame capture today and noticed some Neighbor reports for the first time. While I had the opportunity I thought it would be useful to grab the Wireshark filter for them. I then did way too much thinking and realised I should put them into a blog post.

Note: I will now revert to the queens English and return the U’s into the word Neighbour.

Continue reading “Finding Neighbor Reports in a Wireshark capture”