|“...if you are a regular Wireshark/Ethereal user on Windows and you deal with wireless networks, this is a MUST HAVE product!”
Protocol Analysis Institute
The AirPcap Product Family offers a complete range of 802.11 WLAN packet capture solutions for the Windows platform.
Welcome to the AirPcap family of WLAN packet capture solutions. The AirPcap family is the first open, affordable and easy-to-deploy packet capture solution for Windows. All of the AirPcap offerings capture full 802.11 data, management, and control frames that can be viewed in Wireshark thereby providing in-depth protocol dissection and analysis capabilities. Below we provide a feature matrix that gives a high-level overview of the feature sets of the adapters in the AirPcap Product Family. More detailed information regarding each the member of the AirPcap Product Family can be found on each member’s product page.
AirPcap Product Family
How AirPcap Adapters Operate
All of the AirPcap adapters can operate in a completely passive mode. In this mode, the AirPcap adapter will capture all of the frames that are transferred on a channel, not just frames that are addressed to it. This includes data frames, control frames and management frames. When more than one BSS shares the same channel, the AirPcap adapter will capture the data, control, and management frames from all of the BSSs that are sharing the channel and that are within range of the AirPcap adapter.
The AirPcap adapter captures the traffic on a single channel at a time. The channel setting for the AirPcap adapter can be changed using the AirPcap Control Panel, or from the "Advanced Wireless Settings" dialog in Wireshark. Depending on the capabilities of your AirPcap adapter, it can be set to any valid 802.11 channel for packet capture.
The AirPcap software can optionally be configured to decrypt WEP-encrypted frames. An arbitrary number of keys can be configured in the driver at the same time, so that the driver can decrypt the traffic of more than one access point at the same time. WPA and WPA2 support is handled by Wireshark.
Multiple Channel Capture (applies to USB adapters only)When listening on a single channel is not enough, multiple AirPcap adapters can be used at the same time to capture traffic simultaneously from different channels. The AirPcap driver provides support for this operation through the Multi-Channel Aggregator technology that exports capture streams from multiple AirPcap adapters as a single capture stream. The Multi-Channel Aggregator consists of a virtual interface that can be used from Wireshark or any other AirPcap-based application. Using this interface, the application will receive the traffic from all installed AirPcap adapters, as if it was coming from a single device. The Multi-Channel Aggregator can be configured like any real AirPcap device, and therefore can have its own decryption, FCS checking, and packet filtering settings.