Monday, September 14, 2009

WLAN Profiling: It's a Good Thing

Speed up your WLAN Analysis Processes

This weekend I recorded the WLAN Analysis 101 course (available to All Access Pass members already). I spent a fair amount of time customizing a profile for Wireshark to include columns, display filters and color filters focused on WLAN traffic.

What should your customized WLAN profile include?

Three Columns to Add
Consider adding columns for Frequency/Channel information, RSSI (Receive Signal Strength Indicator), and transmit rate. Once you have these columns added to Wireshark, you can sort on the columns and even use them when exporting to a spreadsheet program for further graphing.

Hot Display Filters
Add display filters to quickly view all traffic on a specific channel - for example, == 2412 will display all Channel 1 traffic. You might also want to create filters to display all beacons for a specific SSID. The syntax for that would be wlan.fc.type_subtype == 0x08 && frame contains "wsu" to see all the beacons related to the wsu WLAN network.

Wild Color Filters
Besides creating color filters for the various channels (which use the same syntax as the display filters), consider coloring traffic that has the retry bit set to 1 (for example, wlan.fc.retry == 1), Probe Requests/Responses and Associations/Reassociations/Disassociations. I create 'butt ugly' color filters for frames that I consider a problem, such as retry frames.

Customized profiles can include your column settings, font settings and capture filters as well. You could create a custom profile for the corporate office, a specific client or a specific network type. Customizing Wireshark to fit the network you are working on helps you sort out the traffic and spot problems faster!
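Once the frequency, RSSI and rate columns are in the profile, an exported CSV can be summarized per channel instead of sorted by hand. The script below is an added example, not part of the original post or the course; the column titles "Freq", "RSSI", "Rate" and "Retry", the 0/1 retry values and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column titles and the 0/1 values in the
# "Retry" column are assumptions about how the profile's columns are set up.
SAMPLE_CSV = '''"No.","Freq","RSSI","Rate","Retry"
"1","2412","-48","54","0"
"2","2412","-71","11","1"
"3","2412","-69","5.5","1"
"4","2437","-55","54","0"
"5","2462","-80","1","1"
"6","5180","-60","54","0"
"7","2412","","54","0"
'''

def freq_to_channel(mhz):
    """Map a centre frequency in MHz to its 802.11 channel number."""
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472:
        return (mhz - 2407) // 5
    if 5000 < mhz < 5900:
        return (mhz - 5000) // 5
    raise ValueError(f"unhandled frequency {mhz}")

def summarize(csv_text):
    """Return {channel: {"frames", "retry_pct", "avg_rssi"}} for an export."""
    acc = defaultdict(lambda: {"frames": 0, "retries": 0, "rssi": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            entry = acc[freq_to_channel(int(row["Freq"]))]
        except (KeyError, ValueError):
            continue  # no radio header on this frame, or an unhandled band
        entry["frames"] += 1
        entry["retries"] += row.get("Retry") == "1"
        if row.get("RSSI"):  # some frames carry no signal value
            entry["rssi"].append(float(row["RSSI"]))
    return {
        ch: {
            "frames": e["frames"],
            "retry_pct": round(100 * e["retries"] / e["frames"], 1),
            "avg_rssi": round(sum(e["rssi"]) / len(e["rssi"]), 1) if e["rssi"] else None,
        }
        for ch, e in sorted(acc.items())
    }

if __name__ == "__main__":
    for channel, stats in summarize(SAMPLE_CSV).items():
        print(f"channel {channel}: {stats}")
```

A channel that combines a high retry percentage with a weak average RSSI is the one to look at first with the retry color filter.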

The "WLAN Analysis 101" course was released to All Access Pass members on September 13, 2009.

