AirPcap USB Wireless Packet Capture

0 Comments

The AirPcap Wireless Packet Capture device is the first open, affordable and easy-to-deploy packet capture solution for Windows. AirPcap captures full 802.11 data, management, and control frames that can be viewed in Wireshark providing in-depth protocol dissection and analysis capabilities. The feature matrix below gives a high-level overview of each adapter in the AirPcap Product Family – choose from AirPcap Classic, AirPcap Tx or the latest AirPCap Nx. More detailed information regarding each can be found on the relevant corresponding product pages. All AirPcap devices can be purchased from our Online Store.

AirPcap Classic AirPcap Tx AirPcap NX

Full 802.11 Capture

Yes Yes Yes

Wireshark Integration

Yes Yes Yes

Open API

Yes Yes Yes

Multi-channel Monitoring
(requires 2+ adapters)

Yes Yes Yes

Packet Transmission

No Yes Yes

External Antenna Connector

No No Yes
2 connectors

Form Factor

USB USB USB

Frequency Bands

b/g b/g a/b/g/n

How AirPcap Operates
All AirPcap adapters can operate in a completely passive mode. In this mode, the AirPcap adapter will capture all of the frames that are transferred on a channel, not just frames that are addressed to it. This includes data frames, control frames and management frames. When more than one BSS shares the same channel, the AirPcap adapter will capture the data, control, and management frames from all of the BSSs that are sharing the channel within range of the AirPcap adapter.

AirPcap adapters capture traffic on a single channel at a time. The channel setting for the AirPcap adapter can be changed using the AirPcap Control Panel, or from the “Advanced Wireless Settings” dialog in Wireshark. Depending on the capabilities of a specific AirPcap adapter, it can be set to any valid 802.11 channel for packet capture.

The AirPcap software can be configured to decrypt WEP-encrypted frames. An arbitrary number of keys can be configured in the driver at the same time, so that the driver can decrypt the traffic of more than one access point simultaneously. WPA and WPA2 support is handled by Wireshark.

Multiple Channnel Capture
When monitoring on a single channel is not enough, multiple AirPcap adapters can be plugged into your laptop or a USB hub and provide industry-leading capability for simultaneous multi-channel capture and traffic aggregation. The AirPcap driver provides support for this operation through Multi-Channel Aggregator technology that exports capture streams from multiple AirPcap adapters as a single capture stream. The Multi-Channel Aggregator consists of a virtual interface that can be used from Wireshark or any other AirPcap-based application. Using this interface, the application will receive the traffic from all installed AirPcap adapters, as if it was coming from a single device. The Multi-Channel Aggregator can be configured like any AirPcap device, and therefore can have its own decryption, FCS checking, and packet filtering settings.

Categories: