# 2. Perform Wireless Traffic Analysis

## 1. Wi-Fi Packet Analysis using Wireshark <a href="#task-1-wi-fi-packet-analysis-using-wireshark" id="task-1-wi-fi-packet-analysis-using-wireshark"></a>

Wireshark is a network protocol sniffer and analyzer. It lets you capture and interactively browse the traffic running on a target network. Wireshark can read live data from Ethernet, Token-Ring, FDDI, serial (PPP and SLIP), and 802.11 wireless LAN. Npcap is a library that is integrated with Wireshark for complete WLAN traffic analysis, visualization, drill-down, and reporting. Wireshark can be used in monitor mode to capture wireless traffic. It can capture a vast number of management, control, and data frames and further analyze the Radiotap header fields to gather critical information such as the protocols and encryption techniques used, the length of the frames, MAC addresses, etc.
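To make the fields mentioned above concrete, the following added example (not part of the original page) parses Radiotap-encapsulated 802.11 frames the way a dissector does and flags data frames sent without link-layer encryption, which is what you would look for when auditing a capture of your own network. The function names and the sample frames are assumptions made for illustration; the samples are constructed, use made-up MAC addresses, and carry a minimal Radiotap header with no optional fields.

```python
import struct
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def parse_frame(packet: bytes) -> dict:
    """Parse one Radiotap-encapsulated 802.11 frame (pcap link type 127)."""
    if len(packet) < 8:
        raise ValueError("truncated Radiotap header")
    version, _pad, rt_len, _present = struct.unpack_from("<BBHI", packet, 0)
    if version != 0 or not 8 <= rt_len <= len(packet):
        raise ValueError("bad Radiotap header")
    dot11 = packet[rt_len:]  # the Radiotap length field marks where 802.11 starts
    if len(dot11) < 10:      # frame control + duration + addr1 is the shortest frame
        raise ValueError("truncated 802.11 header")
    fc0, flags = dot11[0], dot11[1]
    ftype = (fc0 >> 2) & 0x3
    info = {
        "type": FRAME_TYPES[ftype],
        "subtype": fc0 >> 4,
        "protected": bool(flags & 0x40),   # Protected Frame bit: body is encrypted
        "length": len(dot11),              # 802.11 frame length as captured
        "addr1": dot11[4:10].hex(":"),     # receiver address, present in every frame
    }
    # Management and data frames carry three addresses; short control frames do not.
    if ftype in (0, 2) and len(dot11) >= 24:
        info["addr2"] = dot11[10:16].hex(":")
        info["addr3"] = dot11[16:22].hex(":")
    return info

def cleartext_data_frames(packets):
    """Return data frames that carry a payload but are not encrypted."""
    found = []
    for pkt in packets:
        try:
            f = parse_frame(pkt)
        except ValueError:
            continue  # skip frames too damaged to classify
        # Subtype bit 0x4 marks Null/no-data frames, which are never encrypted.
        if f["type"] == "data" and not f["subtype"] & 0x4 and not f["protected"]:
            found.append(f)
    return found

# Constructed sample frames (made-up MACs, minimal 8-byte Radiotap header).
RT, AP, STA = "0000080000000000", "020000000001", "020000000002"
SAMPLES = [bytes.fromhex(h) for h in (
    RT + "8000" + "0000" + "ffffffffffff" + AP + AP + "0000",       # beacon
    RT + "d400" + "0000" + STA,                                     # ACK
    RT + "0841" + "0000" + AP + STA + AP + "0000" + "aabbccdd",     # encrypted data
    RT + "0801" + "0000" + AP + STA + AP + "0000" + "48656c6c6f",   # cleartext data
)]
```

Calling `cleartext_data_frames(SAMPLES)` returns only the last sample; the beacon, the ACK and the protected data frame are classified but not reported.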

You can open a capture file in Wireshark to analyze it.

<figure><img src="/files/6gMJy4FTvowmBuvAMBSU" alt=""><figcaption></figcaption></figure>

The **8.cap** file opens in the Wireshark window, showing you the packet details for analysis. Here you can see the captured wireless packets, which were otherwise masked to look like **Ethernet** traffic.

Here, the 802.11 protocol indicates wireless packets.

You can access the saved packet capture file at any time, and by entering packet filtering commands in the Filter field, you can narrow down the packet search to find packets containing sensitive information.

In real-world scenarios, attackers use packet capture and packet filtering techniques to capture packets containing passwords (only for websites served over HTTP), perform attacks such as session hijacking, and so on.

<figure><img src="/files/muMsBNFJ060LL9qBR1il" alt=""><figcaption></figcaption></figure>

## <mark style="color:red;">2. Find Wi-Fi networks and sniff traffic with wash and Wireshark</mark>

```
airmon-ng start wlan0    # put wlan0 into monitor mode
# use the monitor interface name that airmon-ng reports
wash -i wlan0mon0        # check for WPS-enabled networks
```

Filter for 802.11 packets in Wireshark.

<mark style="color:green;">You can also use other wireless traffic analyzers such as **AirMagnet WiFi Analyzer PRO** (<https://www.netally.com>), **SteelCentral Packet Analyzer** (<https://www.riverbed.com>), **Omnipeek Network Protocol Analyzer** (<https://www.liveaction.com>), and **CommView for Wi-Fi** (<https://www.tamos.com>) to analyze Wi-Fi traffic.</mark>

