Wireshark Revealed: Essential Skills for IT Professionals

Wireless networking

Wireless networks utilize a range of 802.11 specifications to provide connectivity over 2.4 or 5 GHz frequency bands at a variety of speeds. The significant differences between wireless frames and those found on wired networks are as follows:

  • Wireless networks employ carrier sense (every station is listening), multiple access (shared medium), and collision avoidance (avoiding collisions instead of just recovering from them) techniques, which reduce the throughput
  • In addition to data frames, which get forwarded to the wired network, wireless frame types include the following:
    • Management frames: These are used for authentication and association tasks
    • Control frames: These control send/receive functions on the shared media to help avoid collisions

Wireshark can be used to capture and analyze packets on wireless networks. However, in order to analyze the control and management frames, as well as select the radio channels to capture on without having to associate with a specific channel, specialized adapters are required. These adapters are available from various networking vendors.

These wireless adapters and their drivers enable Wireshark to display a pseudo header just below the frame header in the Packet Details pane, which includes information about:

  • Data rate: This is the maximum data transfer rate possible across the radio channel
  • Channel frequency: This is the RF channel frequency that the station is using
  • Channel type: This is the 802.11 protocol used, and the common types are a, b, g, and n
  • RF signal and noise levels: This is the received RF signal strength and background noise levels; the larger the difference between these two, the better the signal can be decoded
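The pseudo header described above is commonly delivered in the radiotap format, and its fields can be decoded by hand from the raw bytes of a capture. The following Python sketch is an added example, not code from the book: the function name `parse_radiotap` is hypothetical and the sample header bytes are constructed for illustration.

```python
import struct

# First seven radiotap fields: (present bit, name, alignment, struct format).
FIELDS = [
    (0, "tsft", 8, "<Q"),
    (1, "flags", 1, "<B"),
    (2, "rate", 1, "<B"),        # units of 500 kb/s
    (3, "channel", 2, "<HH"),    # frequency in MHz, channel flags
    (4, "fhss", 2, "<BB"),
    (5, "signal_dbm", 1, "<b"),  # signed dBm
    (6, "noise_dbm", 1, "<b"),   # signed dBm
]

# Constructed sample: 16-byte header with flags, rate, channel, signal, noise.
SAMPLE = bytes.fromhex("000010006e000000006c8509c000d6a1")

# Hypothetical helper (not from the book): decode rate, channel, signal/noise.
def parse_radiotap(buf):
    if len(buf) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, length, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0 or length < 8 or length > len(buf):
        raise ValueError("bad radiotap version or length")
    offset, word = 8, present
    while word & 0x80000000:     # bit 31 set: another present word follows
        if offset + 4 > length:
            raise ValueError("present bitmap runs past header")
        (word,) = struct.unpack_from("<I", buf, offset)
        offset += 4
    out = {"header_len": length}
    for bit, name, align, fmt in FIELDS:
        if not present & (1 << bit):
            continue
        offset = (offset + align - 1) & ~(align - 1)  # align from header start
        size = struct.calcsize(fmt)
        if offset + size > length:
            raise ValueError("field %s runs past header" % name)
        values = struct.unpack_from(fmt, buf, offset)
        out[name] = values if len(values) > 1 else values[0]
        offset += size
    if "rate" in out:
        out["rate_mbps"] = out["rate"] * 0.5
    if "channel" in out:
        out["freq_mhz"] = out["channel"][0]
    if "signal_dbm" in out and "noise_dbm" in out:
        out["snr_db"] = out["signal_dbm"] - out["noise_dbm"]
    return out
```

The 802.11 frame itself starts at offset `header_len`, which is why the length check matters: a capture tool that trusts a malformed length would misread the frame that follows.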

Remember, when analyzing wireless networks, that the wireless access points utilize a wired LAN connection to the rest of the network, which may warrant a separate analysis. The access point strips off the 802.11 header and encapsulates the packet in an Ethernet frame before sending it off on the wired network.

The following screenshot illustrates the contents of a typical Radiotap Header and IEEE 802.11 frame; note the Data Rate, Channel frequency, and Signal/Noise values:

Note

There are numerous reference materials and books that you can read to learn more about networking and network protocols. One of the classic sources is TCP/IP Illustrated Volumes I, II, and III, W. Richard Stevens, Addison-Wesley Professional, available online or in book formats.