Airpcap Driver For Wireshark


The AirPcap Family of wireless capture products provides a wide range of options for trouble-shooting 802.11 wireless.

AirPcap Frequently Asked Questions

Emulate an AirPcap device with cheaper cards using the Acrylic WiFi NDIS driver, and capture packets in monitor mode with Wireshark under Windows.

Captures wireless traffic on a single channel

Each AirPcap adapter captures traffic on a single channel at a time; the channel setting for the AirPcap adapter can be changed using the AirPcap Control Panel, or from the Advanced Wireless Settings dialog in Wireshark or other tools. Depending on the model of your AirPcap adapter, it can be set to any valid 802.11a/b/g/n channel for packet capture.

Operate in completely passive mode

AirPcap adapters operate in a completely passive mode. This means that they capture the traffic on a channel without associating with an access point or interacting with any other wireless device. Unless you are transmitting with either AirPcap Tx, Ex or Nx, the adapters are not detectable by any other wireless station.

The AirPcap adapters can work in Monitor Mode. In this mode, the AirPcap adapter will capture all of the frames that are transferred on a channel, not just frames that are addressed to it. This includes data frames, control frames and management frames.

Can be configured to decrypt WEP-encrypted frames

The AirPcap software can optionally be configured to decrypt WEP-encrypted frames. An arbitrary number of keys can be configured in the driver at the same time, so that the driver can decrypt the traffic of more than one access point at the same time. WPA and WPA2 support is handled by applications such as Wireshark and Aircrack-ng.

Use multiple AirPcap adapters for multi-channel aggregation

When more than one AirPcap adapter is plugged in, the AirPcap Control Panel will show one additional interface: the Multi-Channel Aggregator. The Multi-Channel Aggregator is a virtual capture interface that can be used from Wireshark or any other supported application. Using this capture interface, the application will receive the traffic from all installed USB AirPcap adapters as if it were coming from a single device.

The Multi-Channel Aggregator has its own FCS, Capture Type and FCS Filter settings. These settings, and not those of the physical adapter, will be used when capturing from the Aggregator. Note that it's not possible to set the channel of the Multi-Channel Aggregator; instead, the channel drop-down box will show a list of aggregated channels. To change the channel of any individual adapter, select the Capture adapter from the Interface drop-down list and set the desired value in the channel drop-down box.

Running Wireshark 1.4.2 on a Dell Vista64 laptop. Whenever my AirPcap Nx device is attached (driver version 06/03/2009) to the laptop, Wireshark hangs upon loading.

AirPcap is an adapter that captures all or a filtered set of WLAN frames and delivers the data to the Wireshark platform. Once AirPcap is installed, Wireshark displays a special toolbar that provides direct control of the AirPcap adapter during wireless data capture.

The Wireshark UI is then employed to perform network and data analysis on the packets derived from an AirPcap capture session.

AirPcap is also the name of a family of products that includes AirPcap Classic, AirPcap Tx, AirPcap Ex and AirPcap Nx. This product family represents the first open, affordable, and easy-to-deploy 802.11 WLAN packet capture solutions for the Windows platform. The various members of the AirPcap family provide information about wireless protocols and radio signals, enabling you to capture and analyze low-level 802.11a/b/g/n wireless traffic, including control frames, management frames, and power information.

What are the differences between each of your AirPcap versions?

In addition to all of the packet capture features and functionality of AirPcap Classic, AirPcap Tx, AirPcap Ex, and AirPcap Nx support packet injection. This ability to transmit raw 802.11 frames is an invaluable aid in assessing the security of your wireless network. Several security tools, including Cain & Abel and Aircrack-ng, can use the AirPcap Tx adapter transmit features for advanced penetration testing.

AirPcap Nx is a new AirPcap family member that includes a USB-based 802.11 a/b/g/n adapter with two external antenna connectors. AirPcap Nx provides packet transmission capabilities, multi-channel monitoring and aggregation, on-board microsecond timestamping precision, and more.

AirPcap Nx is the first solution to capture, decode, and visualize 802.11n protocol traffic from any laptop or desktop PC.

How is AirPcap different from other WLAN packet capture tools?

Most WLAN packet analyzers provide proprietary drivers that are based on driver source code provided by Broadcom, Atheros, and other wireless chip manufacturers. AirPcap provides its own promiscuous driver that operates independently from on-board NICs and their drivers, allowing AirPcap to work with the broadest range of laptops and desktop PCs possible.

No other products provide 802.11 capture and transmission in a small package that can be easily moved between workstations.

In addition, AirPcap is the only solution on the market that easily enables capturing packets from multiple 802.11 channels by simply plugging more than one USB adapter into a laptop or desktop PC.

Which AirPcap versions provide support for multi-channel monitoring and aggregation?

AirPcap Classic, AirPcap Tx, AirPcap Ex, and AirPcap Nx all support multi-channel monitoring and aggregation.

I have a primary requirement to attach an external antenna for my WLAN analysis. Do you have any options?

AirPcap Ex 802.11a/b/g is a wireless USB adapter with an external antenna connector, and comes with a cable and antenna. AirPcap Nx 802.11a/b/g/n is a wireless USB adapter with two external antenna connectors, and comes with two pigtails and two antennas. Since both adapters have internal printed antennas, they will operate without external antennas.

Do you provide support for 802.11a?

Both AirPcap Ex and AirPcap Nx provide support for 802.11a packet capture and analysis.

Does AirPcap offer on-board timestamping in microseconds?

AirPcap Ex and AirPcap Nx provide support for hardware timestamping with microsecond precision.

Is there a way to see the keys derived from the various EAPOL handshakes as long as the pass phrases and full exchange are present?

WPA temporal keys (PTK and GTK) are not displayed by Wireshark. Pairwise keys are derived but not displayed, and group keys are not, as yet, derived.

I'm using a laptop with a built-in adapter. Do you have a version of AirPcap that will support built-in adapters?

No, and most people like it that way. Really. AirPcap Classic, Tx, Ex, and Nx are USB adapters, which leaves you free to use your built-in adapter for normal network operations while simultaneously using your AirPcap adapter for analysis. This is much more convenient and flexible than trying to use a single adapter for everything.

When I plug my AirPcap Nx adapter into my Vista system and launch Wireshark or the AirPcap Control Panel, the application freezes until I remove the adapter.

There is a known bug in the USB stack of Vista SP2 that causes the AirPcap Nx adapter to lock-up. While Microsoft is aware of the situation, they have not yet provided a solution for Vista. We can supply a registry patch to fix the problem if you can first provide a registry dump of your Vista machine.

The commands below will generate a file called dump.reg in the root directory of the C: drive:

Open a command prompt: Start > search box > cmd

Type: regedit /e c:\dump.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI

Click Yes to the prompt, if any, from the User Account Control window.

Please email this partial registry dump file to support@cacetech.com. Once we have this file we will create and return a custom patch file for your computer.

Do you have a version of AirPcap that runs on Linux, OS X, FreeBSD, VMS, or OS/2?

AirPcap runs on the following platforms:

Windows XP service pack 2, 32 or 64 bit

There are no plans to port AirPcap to other platforms at this time.

I see that you provide packet-transmission and 11a support in AirPcap Ex. Does the packet transmission include custom crafted packets, or is it just playing back .cap streams?

For the moment, our solution allows you to create custom packets that can then be sent over the air. We don't have replay capabilities yet. The packets are sent one at a time, but the API gives you the flexibility to send pretty much any way you like.

Can AirPcap sniff multiple channels at one time and debug WPA/WPA2 data?

Our AirPcap Classic 3-Pack, AirPcap Ex 3-pack, and AirPcap Nx 3-pack can capture traffic from 3 channels at the same time, and aggregate it in a single capture. WPA and WPA2 can be decrypted and analyzed using the Wireshark network analyzer, included with the AirPcap product CD.

I am using Wireshark to do Ethernet packet analysis and would like to do wireless packet capture as well. Do I just need to buy AirPcap from your company and install it and Wireshark will be enabled to deliver wireless data automatically?

That's right. After installing our driver and plugging our adapter in the USB port, Wireshark, as will start capturing wireless traffic.

Is the signal strength of the AirPcap Tx adapter adjustable?

It's not. The Tx frequency and strength are very strictly regulated by the FCC. The signal strength is set to the maximum allowed by the ship-to country.

Can AirPcap Tx be set in totally passive mode?

AirPcap Tx is totally passive unless you use a program that explicitly injects packets.

Does AirPcap Tx run under BartPE?

We've never tested it under BartPE, but our understanding is that BartPE is just a stripped down version of Windows that runs from a CD. In that case, we can't see any reason why AirPcap shouldn't work with it. You probably want to include the AirPcap driver when you build the BartPE image to avoid installing it every time.

Why do AirPcap Nx cards have two antennas? I understand that 802.11n offers MIMO capabilities. Is this related to that? Can you explain how the RF reception of these two antennas is aggregated or filtered on baseband?

The use of two antennas is due to both MIMO and two other RF techniques used by 802.11n to offer higher rates and better reception. Different techniques to merge the signals are used, depending on the specific modulation used (HT-OFDM with 20 or 40MHz channels, or DL-OFDM). In some cases, the packet is transmitted on both antennas, and each antenna transmits a part of the packet using a slightly different modulation. In other cases, the packet is duplicated on the two antennas and on reception the RF combines the two copies of the packet (a sort of redundancy). In the case of receiving packets with an 802.11b/g modulation, OFDM, the two antennas are used for antenna diversity, i.e., they use the fact that separate antennas receive a slightly different RF signal. In this case, the RF section combines the two signals

A complete explanation of all these techniques can be found in the IEEE

I'm interested in AirPcap but the PCs in my test lab do not have USB 2.0 ports. Is 2.0 a hard or soft requirement?

The AirPcap adapter works with USB 1.0 as well. However, since the bandwidth of USB 1.0 is very low, you might experience drops at high frame rates.

Riverbed AirPcap was formerly referred to as AirPcap. Visit Riverbed AirPcap overview page to learn more. Riverbed AirPcap USB-based adapters capture 802.11.