This document may not, in whole or part, be: copied; photocopied; reproduced; translated; reduced; or
transferred to any electronic medium or machine-readable form without prior consent in writing from
CACE Technologies, LLC.
AirPcap Family of Wireless Capture Adapters User’s Guide
Document Version: 3.1
Document Revision: August 2007
Figure 5: The Wireshark Adapters List
Figure 6: The Wireshark Wireless Toolbar
Figure 7: Wireless Settings Dialog in Wireshark
Figure 8: Decryption Keys Management Dialog in Wireshark
Tables
Table 1. Feature Comparison for the AirPcap Product Family
The AirPcap Product Family
The AirPcap offerings are the first open, affordable and easy-to-deploy
packet capture solution for Windows. All of the AirPcap offerings will
capture full 802.11 data, management, and control frames that can be
viewed in Wireshark thereby providing in-depth protocol dissection and
analysis capabilities. Below we provide a feature matrix that gives a high-level overview of the feature sets of the adapters in the AirPcap Product
Family.
More detailed information regarding each member of the AirPcap
Product Family can be found on the CACE Technologies Website
http://www.cacetech.com/.
Feature                                             AirPcap Classic  AirPcap Tx    AirPcap Ex            AirPcap N
--------------------------------------------------  ---------------  ------------  --------------------  ----------------------
Captures Full 802.11 Frames                         Yes              Yes           Yes                   Yes
Fully Integrated with Wireshark                     Yes              Yes           Yes                   Yes
Open API                                            Yes              Yes           Yes                   Yes
Multi-Channel Monitoring (with 2 or more adapters)  Yes              Yes           Yes                   No
Packet Transmission                                 No               Yes           Yes                   No
External Antenna Connector                          No               No            Yes                   No
Form Factors                                        USB Dongle       USB Dongle    USB Dongle            Cardbus (32 bits) [1]
Frequency Bands                                     2.4GHz (b/g)     2.4GHz (b/g)  2.4 and 5GHz (a/b/g)  2.4 and 5GHz (a/b/g/n)
Table 1. Feature Comparison for the AirPcap Product Family
[1] Other form factors available by special order are: mini-PCI and mini-PCI Express
A Brief Introduction to 802.11
Terminology
The terms Wireless LAN or WLAN are used to indicate a wireless local
area network, i.e. a network between two or more “stations” that uses
radio frequencies instead of wires for the communication.
All components that can “connect” to a WLAN are referred to as stations.
Stations fall into one of two categories: access points or wireless clients.
Access points transmit and receive information to/from stations using
radio frequencies. As we shall see later, the particular choice of a radio
frequency determines a wireless “channel.” An access point usually acts as
a “gateway” between a wired network and a wireless network.
Wireless clients can be mobile devices such as laptops, personal digital
assistants (PDAs), IP phones or fixed devices such as desktops and
workstations that are equipped with a wireless network interface card.
In some configurations, wireless devices can communicate directly with
each other, without the intermediation of an access point. This kind of
network configuration is called peer-to-peer or ad-hoc.
A Basic Service Set (BSS) is the basic building block of a WLAN. The
“coverage” of one access point is called a BSS. The access point acts as
the master to control the stations within that BSS. A BSS can be thought
of as the wireless version of an IP subnet. Every BSS has an id called the
BSSID, which is the MAC address of the access point servicing the BSS,
and a text identifier called the SSID.
802.11 Standards
802.11 is a standard that defines the physical layer and the data-link layer
for communication among wireless devices. The original 802.11
specification was ratified in 1997, uses the 2.4 GHz frequency band, and
allows transmission rates of 1 or 2 Mbps.
802.11a, ratified in 1999, is an extension of 802.11 that operates at 5 GHz.
It supports 8 additional transmission rates: 6, 9, 12, 18, 24, 36, 48 and 54
Mbps.
802.11b, ratified in 1999, is an extension of 802.11 that uses the same 2.4
GHz frequency band, and supports two additional transmission rates: 5.5
and 11 Mbps.
802.11g, ratified in 2003, is backward compatible with 802.11b, and
supports the same additional transmission rates found in 802.11a: 6, 9, 12,
18, 24, 36, 48 and 54 Mbps.
802.11i, ratified in 2004, defines an enhanced security mechanism based
on AES.
802.11n, expected to be ratified in 2009, is backward compatible with
802.11a, b, and g, and will operate at 2.4 GHz and optionally 5 GHz. It
can potentially support data rates up to 600 Mbps.
Channels
802.11b and 802.11g divide the 2.4 GHz spectrum into 13 channels,
beginning with channel 1 and ending with channel 13. The center
frequency of channel 1 is 2,412 MHz, channel 2 is 2,417 MHz, etc. The
center frequencies of adjacent channels are 5 MHz apart. The bandwidth
of each channel is 20 MHz which means that channels may “overlap.”
The commonly-used non-overlapping channels are channels 1, 6, and 13.
There is a 14th channel whose center frequency is 12 MHz above channel
13. These frequency bands are referred to as channels and stations
communicate using a particular channel.
802.11a and 802.11n operate in the 5 GHz range which is divided into a
large number of channels. The center frequency of channel 0 is 5,000
MHz, the center frequency of channel 1 is 5,005 MHz. The formula for
relating channels (n) to center frequencies in the 5 GHz range is:
Center frequency (MHz) = 5,000 + 5*n, where n = 0, …, 199,
Center frequency (MHz) = 5,000 – 5*(256 – n), where n = 240, …, 255.
Note that channels 240 to 255 range from 4,920 MHz to 4,995 MHz. As
with the 2.4 GHz band, each channel is 20 MHz wide. 802.11n allows for
“wide” channels – that is, two adjacent 20 MHz bands (note that the
channel numbers of the two adjacent 20 MHz bands are not adjacent)
can be used “side-by-side” in order to be backward-compatible with
802.11a, b, and g, or they can be combined into a single 40 MHz channel
in “Greenfield” mode.
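The channel rules above, as an added Python example (not part of the original guide or the AirPcap API): it maps channel numbers to center frequencies for both bands, inverts the mapping, and lists the 2.4 GHz channels whose band overlaps a given channel. Function names are illustrative, and the overlap test assumes the 20 MHz channel width stated in this section.

```python
# Added example: channel <-> center-frequency mapping using this section's rules.
CHANNEL_WIDTH_MHZ = 20  # per-channel bandwidth as stated in the text


def center_freq_24ghz(channel):
    """2.4 GHz: channel 1 = 2412 MHz, 5 MHz steps; channel 14 is 12 MHz above 13."""
    if 1 <= channel <= 13:
        return 2412 + 5 * (channel - 1)
    if channel == 14:
        return center_freq_24ghz(13) + 12
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def center_freq_5ghz(channel):
    """5 GHz: the two-range formula from the text."""
    if 0 <= channel <= 199:
        return 5000 + 5 * channel
    if 240 <= channel <= 255:
        return 5000 - 5 * (256 - channel)
    raise ValueError(f"not a 5 GHz channel: {channel}")


def channel_from_freq(freq_mhz):
    """Inverse mapping, for a center frequency reported by a capture tool."""
    if freq_mhz == 2484:
        return 14
    if 2412 <= freq_mhz <= 2472 and (freq_mhz - 2412) % 5 == 0:
        return 1 + (freq_mhz - 2412) // 5
    if 5000 <= freq_mhz <= 5995 and freq_mhz % 5 == 0:
        return (freq_mhz - 5000) // 5
    if 4920 <= freq_mhz <= 4995 and freq_mhz % 5 == 0:
        return 256 - (5000 - freq_mhz) // 5
    raise ValueError(f"no channel with center frequency {freq_mhz} MHz")


def overlapping_24ghz(channel):
    """Channels 1-14 whose 20 MHz band intersects the given channel's band."""
    f0 = center_freq_24ghz(channel)
    return [c for c in range(1, 15)
            if c != channel and abs(center_freq_24ghz(c) - f0) < CHANNEL_WIDTH_MHZ]
```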
The actual use of the channels, however, depends on the country. For
example, in the USA, the FCC allows channels 1 through 11 in the 2.4
GHz band, whereas most of Europe can use channels 1 through 13. No
matter where you are, you can use AirPcap to listen on any supported
channel. The regulations for the 5GHz band are much more complex.
Each BSS operates on a particular channel, i.e., the access point and all of
the wireless clients within a BSS communicate over a common channel.
The same channel may be used by more than one BSS. When this
happens, and if the BSSs are within communication range of each other,
the different BSSs compete for the bandwidth of the channel, and this can
reduce the overall throughput of the interfering BSSs. On the other hand,
selecting different channels for nearby access points will mitigate channel
interference and accommodate good wireless coverage using multiple
BSSs.
A BSS is formed by wireless clients “associating” themselves with a
particular access point. Naturally, a wireless client will have to “discover”
whether there is an access point within range and its corresponding
channel. For this purpose, access points advertise themselves with
“beacon” frames and wireless clients can (passively) listen for these
frames. Another discovery approach is for the wireless client to send out
“probe” requests to see if certain access points are within range.
Following the discovery process, wireless clients will send requests to be
associated with a particular BSS.
Types of Frames
The 802.11 link layer is much more complicated than the Ethernet one.
The main reason is that wireless links have lower reliability compared to
the reliability of wired links, and therefore the 802.11 link layer has
features to reduce the effects of frame loss. For example, every data frame
is acknowledged with an ACK frame. Moreover, the protocol needs to
support access point discovery, association and disassociation,
authentication, wired/wireless bridging, and many other features that are
not necessarily needed in a wired link layer.
When capturing on a wireless channel, you will see three main kinds of
frames:
• Data frames
• Control frames
    o Acknowledgement
    o Request to Send
    o Clear to Send
• Management frames
    o Beacons
    o Probe Requests / Probe Responses
    o Association Requests / Association Responses
    o Reassociation Requests / Reassociation Responses
    o Disassociations
    o Authentications / Deauthentications
Additionally, frame headers may contain Quality of Service (QoS) and
High Throughput (+HTC) information.
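The frame kinds listed above can be told apart from the first two bytes of each frame, the Frame Control field. The following Python sketch is an added example, not code from the guide or the AirPcap API; the type and subtype numbers come from the IEEE 802.11 standard rather than from this document, and the sample bytes are constructed.

```python
# Added example: classify 802.11 frames by the Frame Control field.
# Type/subtype numbers are from the IEEE 802.11 standard, not from this guide.
MGMT, CTRL, DATA = 0, 1, 2
TYPE_NAMES = {MGMT: "Management", CTRL: "Control", DATA: "Data"}
SUBTYPES = {
    (MGMT, 0): "Association Request", (MGMT, 1): "Association Response",
    (MGMT, 2): "Reassociation Request", (MGMT, 3): "Reassociation Response",
    (MGMT, 4): "Probe Request", (MGMT, 5): "Probe Response",
    (MGMT, 8): "Beacon", (MGMT, 10): "Disassociation",
    (MGMT, 11): "Authentication", (MGMT, 12): "Deauthentication",
    (CTRL, 11): "Request to Send", (CTRL, 12): "Clear to Send",
    (CTRL, 13): "Acknowledgement",
    (DATA, 0): "Data", (DATA, 8): "QoS Data",
}


def classify(frame):
    """Return (type, subtype, flags) for a raw 802.11 frame (no radio header)."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-byte Frame Control field")
    fc0, fc1 = frame[0], frame[1]
    if fc0 & 0x03 != 0:
        raise ValueError("unsupported protocol version")
    ftype, subtype = (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F
    flags = set()
    if ftype == DATA and subtype & 0x08:
        flags.add("QoS")   # data subtypes with bit 3 set carry a QoS Control field
    # Order bit: marks an HT Control field (+HTC) in QoS data and management frames
    if fc1 & 0x80 and ("QoS" in flags or ftype == MGMT):
        flags.add("+HTC")
    name = SUBTYPES.get((ftype, subtype), f"subtype {subtype}")
    return TYPE_NAMES.get(ftype, "Reserved"), name, flags


def tally(frames):
    """Count frames per (type, subtype) across a capture."""
    counts = {}
    for f in frames:
        t, s, _ = classify(f)
        counts[(t, s)] = counts.get((t, s), 0) + 1
    return counts


# Constructed sample: only the first two bytes of each frame (rest omitted).
SAMPLE = [bytes.fromhex(h) for h in ("8000", "8000", "4000", "d400", "b400",
                                     "c000", "0801", "8881")]
```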