wifi pcap on windows, Capture and storage of wireless traffic on windows 10

28 - Nov - 2018 - Tarlogic Research

Table of Contents

How to make a pcap capture of wifi traffic on windows in an easy and simple way

To make a pcap wifi capture in windows is no longer necessary to have great knowledge or have specialized or expensive hardware.

When analyzing and investigating WiFi communications, it is very important to be able to capture and store in a secure and standard way all WiFi data packets for analysis at any time in detail.

What can be seen with a pcap wifi capture made on windows?

If you have an access point that is having problems that the internet connection is slow, you can monitor the WiFi connection and investigate what happens. If the router often disconnects you, the data can be saved in PCAP format to detect if someone is attacking our WiFi network. In general you can detect things like:

Identify attacks against WiFi infrastructure
Locate devices that make use of obsolete WiFi standards that penalize performance.
Determine if a device is not advertised correctly.
Configuration problems in routers.

How can we take a wifi capture in pcap format in windows?

Through Acrylic Wi-Fi Analyzer you can monitor communications and WiFi transmissions and not only see the information in real time but also save all WiFi packets in a file with the standardized PCAP format.

These PCAP files are labeled with the LINKTYPE_IEEE802_11_RADIOTAP (DLT_IEEE802_11_RADIO) which has a value of 0x0000007F (127) so that at the time of analyzing it we know what type of data are stored.

Whether you have a card compatible with monitor mode, a wifi sniffer, or not, you can always store WiFi packets in a PCAP file.

At the end of a capture you can save these results through the main menu and open them at any time.

Also when a second capture is started, if the data has not been saved, it will ask if we want to save the data of the previous one so that they are not lost.

It is interesting because it allows daily, monthly, etc. captures so that the WiFi features are captured in temporary instants that allow for checks and comparisons.

Normal capture

This can be done with any WiFi card in the market, and all available access points in the surrounding area will be displayed in Acrylic Wi-Fi Analyzer.

These access points send packets of data that can be captured and stored. Being in PCAP format, they can be reopened with Acryclic Wi-Fi Analyzer in the future and status and features can be reviewed.

Capture monitor mode

If you have a compatible card in monitor mode, with a wifi sniffer, in addition to the access points the list of clients connected to the WiFi network is shown.

In the same way that is done with the capture in normal mode, this data can be stored in a PCAP file can be reopened at any time.

So that you can generate a library of captures over time that shows the characteristics and configurations of networks and clients and be able to detect changes in them as well as unauthorized customers.

Data analysis

With Acrylic Wi-Fi Analyzer you can open PCAP files and get a snapshot of the state of the network at the time of capture, being able to make use of its modules measuring the quality of the WiFi network with recommendations for improvements. In this way you can see the recommendations such as which is the best channel for the WiFi network or if the type of security is not appropriate. You can also use the packet viewer to detect if there are attacks against the network that may be causing clients to be disconnected, if there is high packet traffic slowing down the web, etc.

There are many tools capable of working with the PCAP data format, such as Wireshark and all its console tools that allow analysis and counting of packages and work and automate analysis. With these captures in PCAP format is obtained a control and monitoring of the status of WiFi networks and there is evidence to check, corroborate and justficar the status of wireless networks as well as customers.