Sunday, 23 Jun 2024

Collect Packet Captures Over the Air on a MacBook

This article will guide you through the process of collecting Packet Captures (PCAPs) Over the Air (OTA) on a MacBook using tools like Wireless Diagnostics, Airtool, and Wireshark. These captures are essential for troubleshooting and analyzing wireless behaviors.

Prerequisites

Requirements

To follow this guide, you should have knowledge of the following topics:

  • Cisco Wireless LAN Controllers (WLCs) AireOS or Cisco IOS®-XE
  • Basic knowledge of the 802.11 Standard

Components Used

The information provided in this guide is based on the following software and hardware versions:

  • Apple MacBook with macOS version 10.14.X or higher
  • Apple Wireless Diagnostics tool
  • Airtool 1.9 or higher
  • Wireshark 3.X or higher
  • Cisco Access Point (AP) 2802

Please note that the information in this guide was created using devices in a specific lab environment with default configurations. If your network is live, make sure to understand the potential impact of any command.

Background Information

Before we begin, here are a few things to consider:

  • It is recommended to have the MacBook acting as a Wireless Sniffer close to the AP and target device.
  • Make sure you know the 802.11 Channel and Width used by the client device and the AP.
  • You can find the Channel and Width on Cisco IOS®-XE Web Graphical User Interface (GUI) or AireOS Web GUI.

Configure

Option A. Configure PCAP with Wireless Diagnostics

  1. Launch the Wireless Diagnostics Tool.

    Press and hold the ALT/Option Key from the keyboard and click on the top-right Wi-Fi icon.

  2. Open the Sniffer Tool.

    Select the Window menu from the Wireless Diagnostic Tool on the menu bar and choose Sniffer or use the keyboard shortcut ALT + Command + 6.

  3. Choose the Channel and Width used by the target device and AP.

  4. Click Start.

    This action puts the wireless adapter in Monitor Mode. While in Monitor Mode, the adapter cannot be used to connect the device to a Wireless LAN (WLAN).


  5. Wait for some time to collect the required information and click Stop.

    Tip: If the WLAN uses encryption such as Pre-shared Key (PSK), ensure the capture includes the four-way handshake between the AP and the desired client. This can be done by starting the OTA PCAP before the device is associated with the WLAN or by deauthenticating and reauthenticating the client while the capture runs.

  6. Locate the file.

    • Launch the Finder application on the MacBook.
    • Select the Go menu from Finder.
    • Choose the Desktop folder or use Go to Folder and type the destination path.

Option B. Configure PCAP with Airtool

  1. Install the third-party Airtool application.

  2. Launch the tool.

    Once launched, you can find Airtool in the top-right corner of the macOS menu bar.

  3. Select the Channel and Width used by the target device and AP to start the PCAP.


  4. Wait for some time to collect the required information and click Stop.

    Tip: If the WLAN uses encryption such as Pre-shared Key (PSK), ensure the capture includes the four-way handshake between the AP and the desired client. This can be done by starting the OTA PCAP before the device is associated with the WLAN or by deauthenticating and reauthenticating the client while the capture runs.

  5. The file will be located in the Desktop folder.


Option C. Configure PCAP with Wireshark

  1. Install Wireshark.

  2. Launch the application.

  3. Select the Capture menu from the menu bar and choose Options.

    This action opens a pop-up window.


  4. Select the Wi-Fi: en0 (Wireless adapter) and enable the Monitor option.

    Note: In this method, Wireshark cannot select the desired Channel and Width to scan. The Channel and Width are assigned with the Sniffer tool explained in this guide. Refer to Option A, Step 3 to change them.

  5. Click Start.

  6. Wait for some time to collect the required information and click the Stop button in Wireshark.


Tip: If the WLAN uses encryption such as Pre-shared Key (PSK), ensure the capture includes the four-way handshake between the AP and the desired client. This can be done by starting the OTA PCAP before the device is associated with the WLAN or by deauthenticating and reauthenticating the client while the capture runs.

  7. Save the PCAP file.

    • Click the Save button in Wireshark.
    • Select the destination folder.


Verify

Use this section to confirm that your configuration works properly.

Open the captured file with Wireshark and verify that 802.11 frames are visible.
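
As an added example (not part of the original guide), the Python script below checks whether a saved capture contains the four-way handshake messages that the Tips above ask for. The function names are hypothetical, and it assumes a classic pcap file with the 802.11 radiotap link type (127) and a WPA2 network; a pcapng file must first be saved in pcap format.

```python
import struct

SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"   # LLC/SNAP header, EtherType 0x888E
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # classic pcap magic numbers
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # (usec/nsec, both byte orders)

def classify(frame):
    """Return 1-4 for a pairwise EAPOL-Key frame (WPA2 heuristic), else None."""
    # Skip the radiotap header, whose length is a little-endian u16 at offset 2.
    dot11 = frame[struct.unpack("<H", frame[2:4])[0]:] if len(frame) >= 4 else b""
    if len(dot11) < 24:
        return None
    fc = struct.unpack("<H", dot11[:2])[0]             # 802.11 frame control
    if ((fc >> 2) & 3) != 2 or (fc & 0x4000):          # not a data frame, or protected
        return None
    # 24-byte header, +2 for QoS control, +6 for a fourth address (ToDS and FromDS set).
    hdr = 24 + (2 if fc & 0x0080 else 0) + (6 if (fc & 0x0300) == 0x0300 else 0)
    body = dot11[hdr:]
    if len(body) < 15 or body[:8] != SNAP_EAPOL or body[9] != 3:  # type 3 = EAPOL-Key
        return None
    info = struct.unpack(">H", body[13:15])[0]         # Key Information field
    if not info & 0x0008:                              # group-key handshake, not pairwise
        return None
    ack, mic, secure = info & 0x0080, info & 0x0100, info & 0x0200
    if ack:
        return 3 if mic else 1                         # messages sent by the AP
    return (4 if secure else 2) if mic else None       # messages sent by the client

def handshake_messages(pcap_bytes):
    """Return the sorted list of 4-way handshake message numbers found."""
    endian = MAGIC.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 127:
        raise ValueError("link type is not 127 (802.11 + radiotap)")
    seen, pos = set(), 24
    while pos + 16 <= len(pcap_bytes):                 # 16-byte per-record header
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        seen.add(classify(pcap_bytes[pos + 16:pos + 16 + incl_len]))
        pos += 16 + incl_len
    return sorted(seen - {None})

def constructed_capture(key_infos):
    """Build a small pcap in memory (constructed sample, not real traffic)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    for info in key_infos:
        frame = (b"\x00\x00\x08\x00" + bytes(4) + b"\x88\x02" + bytes(24) + SNAP_EAPOL
                 + b"\x02\x03\x00\x5f\x02" + struct.pack(">H", info) + bytes(92))
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

For a real file, pass `open(path, "rb").read()` to `handshake_messages`; a result other than `[1, 2, 3, 4]` means the capture started too late or missed frames, and the client needs to reassociate while the capture runs.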


Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Frequently Asked Questions

  • Q: How can I locate the PCAP file when using Wireless Diagnostics?

  • A: The file is located in the Desktop folder or at the path /var/tmp/.

  • Q: Where can I find Airtool after installing it?

  • A: Airtool can be found in the top-right corner of the macOS menu bar.

  • Q: How can I select the Channel and Width when using Wireshark?

  • A: In Wireshark, the Channel and Width are assigned with the Sniffer tool explained in this guide. Refer to Option A, Step 3 to change them.


Conclusion

By following the steps outlined in this article, you can collect Packet Captures Over the Air on a MacBook using tools like Wireless Diagnostics, Airtool, and Wireshark. These captures are invaluable for troubleshooting and analyzing wireless behaviors.