Capturing wireless frames is a must know skill for any Wi-Fi network engineer.

Capturing Wireless Frames with a Mac

The Macbook Pro is an excellent tool for capturing wireless frames. The built-in wireless adapter can be used to sniff wireless frames in the air. As I like to say, the best troubleshooting tool you can have is the one that’s with you. Since I have my Mac with me all the time I tend to capture frames wherever I go.

There are many pros with capturing frames. It’s a great way to learn how Wi-Fi works. This is how I got started. Understanding how Wi-Fi communication works through frame captures gives you an upper-hand. One example is learning about the 802.11 State Machine.

When it comes to troubleshooting complicated issues, frames don’t lie. Not too long ago, my laptop had a difficult time connecting to public Wi-Fi. It frustrated me so much I decided to capture some frames. Within minutes I found out why. Just take a look at the screenshot below.

Tools

• Macbook Pro
• Airtool
• Metageek Profile
• Metageek Profile for Wireshark
• Mojo Packets

How To Capture Frames

1. Install Wireshark
2. Install the Metageek Profile
   1. Unzip the file
   2. Copy directory to /Users/user/.config/wireshark/profiles/
   3. Enable the profile in Wireshark by clicking on the bottom right of the open application. See screenshot below.
   4. 
3. Install Airtool
4. Select channel & channel width to capture on
   1. 
5. Start the capture and stop after a short time
   1. 
6. Analyze with Wireshark or Mojo Packets

Links and Resources

• Airtool
• Wireshark
• Mojo Packets
• Metageek Wireshark Profile
• Automating Wi-Fi Packet Analysis with Pyshark