How to capture packets on 802.11 wireless networks with OpenBSD

---------------------------------------------------------------

1. Get an 802.11 wireless adapter that supports monitor mode. If you don't know what adapter to use,
from a -current OpenBSD release run 'apropos wireless' and then man the chipsets.

2. To capture 802.11 packets, you *should not* have an IP address or be associated with an Access Point.
ACLs and MAC address restrictions have no impact on your ability to capture packets.

3. Run ifconfig to get the channel and the nwid of the Access Point (replace if0 with your 802.11 device name):

ifconfig if0 scan

4. Now, configure the adapter like so:

ifconfig if0 chan 6
ifconfig if0 nwid TheAP
ifconfig if0 mediaopt monitor
ifconfig if0 up

5. In a separate terminal, run tcpdump to capture what the adapter sees:

tcpdump -tttt -s 1514 -i if0 -y IEEE802_11 -w wireless.capture

6. After a few hours (or whatever your time window is), load the tcpdump output file into a packet analyzer for analysis.

Note: As of the writing of this document, OpenBSD does not support 802.11n... yet.

copyright 2009 16Systems