Archive for April 2014
I Have Seen the Future (of WiFi Sniffing), and It Is OmniPeek (on a Mac)
Yours Truly has been worried about the future of WiFi sniffing. Yours Truly worries about the people (they seem to prefer site surveyors) the software (AirMagnet has yet to support 802.11ac adapters) and the methods (WildPackets has been pushing AP-based capture). To a person who believes that portable WiFi sniffing is essential for optimizing WiFi performance, it is all very disconcerting. And yet, there is hope. WiFi sniffing is ready to step into the 802.11ac/Internet of Everything era, and here is how it can be done.
WildPackets OmniPeek has long been the author’s favorite WiFi sniffer, but it only runs on Windows. For years and years and years that was fine. There were always a few Windows-compatible WiFi adapters that worked great with OmniPeek. Now, however, WildPackets has gone in a different direction. They are promoting WiFi sniffing via an AP (which often results in a worthless capture) and saying that they don’t expect USB-based capture to be viable for 802.11ac.
WildPackets OmniPeek has long been the author’s favorite WiFi sniffer, but it only runs on Windows. For years and years and years that was fine. There were always a few Windows-compatible WiFi adapters that worked great with OmniPeek. Now, however, WildPackets has gone in a different direction. They are promoting WiFi sniffing via an AP (which often results in a worthless capture) and saying that they don’t expect USB-based capture to be viable for 802.11ac.
So, what to do? OmniPeek only runs on Windows, but they’re not planning to support capture via Windows-compatible USB adapters.
The answer is to switch to a Mac and use virtualization software. Here is what I did:
1) Buy a Mac
I prefer the MacBook Air because it is cheap, light and cool. (Literally cool. Meaning temperature. The darned MacBook Pro gets too hot to place comfortably on your lap.)
2) Buy Parallels
Parallels is virtualization software and it runs seamlessly on a Mac. Check out OmniPeek:
You can see the little Apple logo in the upper left, showing that I’m running Mac OS X as I run OmniPeek.
3) Capture in Wireless Diagnostics
I even made a video to show you how!
In case the video is unclear, you hold down the alt/option before clicking the WiFi icon on the top menu bar. Then you select “Wireless Diagnostics”, go to the “Window” menu, choose “Utilities”, click on “Frame Capture” and select your capture channel & bandwidth before clicking “Start”. YOu click “Stop” when you’re done capturing.
4) Open the capture file into OmniPeek
In case the picture above is unclear, you go to the Desktop, right-click on your *.wcap capture file, select “Open With” and select OmniPeek.
5) That’s it!
The limitation of this method is that you’re unable to see live frames as they are captured. Boo hoo. (Actually, it’s more than boo hoo. For certain tasks (like analyzing Probing behavior), not having access to a live capture is a real problem. But for most tasks, analyzing a capture file after the actual WiFi sniffing is done is just fine.)
On a MacBook Air, the capture I open in OmniPeek is a two-stream, 802.11ac capture. On a MacBook Pro, it would be a three-stream 802.11ac capture. That means capturing on an Air will result in me missing data sent and received by a Pro. Most 802.11a/b/g/n/ac devices will have all of their WiFi traffic captured just fine by an Air, however.
I am still hoping that someone creates a three-stream 802.11ac USB adapter that I can use for OmniPeek (or Fluke AirMagnet WiFi Analyzer, for that matter) capture, but in the meantime these steps will allow you to do useful, portable captures now and in the future.
***
If you like my blog, you can support it by shopping through my Amazon link or donating Bitcoin to 1N8m1o9phSkFXpa9VUrMVHx4LJWfratseU
Thank you.
sniffwifi 