Wireshark & Ethereal Network Protocol Analyzer Toolkit, Jay Beale's Open Source Security Series

Packet sniffing on wireless networks presents challenges that differ from those of capturing traffic on wired networks. Fortunately, many wireless cards support monitor mode, a feature that captures wireless traffic without needing to connect to a network. By leveraging available tools and drivers for Windows and Linux systems, you can use a standard wireless card to capture traffic on the wireless network for analysis.
Wireshark's wireless analysis features have grown into a very powerful tool for troubleshooting and analyzing wireless networks. Leveraging Wireshark's display filters and powerful protocol dissector features, you can sift through large quantities of wireless traffic to identify a specific condition or field value, or exclude undesirable traffic until you are left with only a handful of packets to assess. In this chapter, we examined several examples of display filters, taken from practical analysis needs, that you can apply to your own network analysis.
Wireshark doesn't limit itself to display filters for wireless analysis; we can also take advantage of other analysis features built into Wireshark to simplify wireless network analysis. Features like Wireshark's coloring rules allow us to leverage display filters to uniquely color-code packets in the Packet List window, which allows you to assess the contents of a packet capture by looking at the number of packets. If your packet capture includes radio signal strength information or transmission rate information, Wireshark can make that information visible...