Wireless cards can sniff on one channel at a time.

Channel hopping is used to rapidly change channels and briefly capture traffic.

Interference can result in lost traffic and incomplete packet captures.

Locate the capture station near the station being monitored, while disabling any local transmitters and minimizing CPU utilization.

Wireless card operating modes include managed, master, ad-hoc, and monitor.

Monitor mode causes the card to passively capture wireless traffic without connecting to a network.

Wireless cards do not normally transmit while in monitor mode.

Linux Wireless Extensions compatible drivers use the iwconfig utility to configure monitor mode.

The Linux MADWIFI drivers for Atheros cards use the wlanconfig utility to configure monitor mode.

Linux Wireless Extensions compatible drivers and the MADWIFI drivers use the iwconfig utility to specify the channel number.

Windows does not have a built-in mechanism for using a wireless driver in monitor mode.

The commercial AirPcap drivers and USB wireless dongle can be used to capture traffic in monitor mode.

Frame statistic information is included as the first group of fields in the Packet Details window.

Protocol dissectors extract and enumerate fields in the IEEE 802.11 header and payload.

The IEEE 802.11 header and payload data can be very complex, but the data is easily assessed with protocol dissectors.

Display filters can be applied to any...