
Use Capsa Enterprise to Capture Wireless Traffic


System requirements

You need a machine running Windows Vista or Windows 7, and a wireless adapter. Only wireless adapters with a Windows 7 compatibility logo are supported.

How do you know whether your adapter is supported by Capsa Enterprise? You can find a list on the Microsoft website. If the adapter isn't in the list, you can still download Capsa Enterprise and give it a try, because if a wireless adapter works under Windows 7, it generally works with Capsa.

Windows 7 64-bit compatible wireless adapter

Windows 7 32-bit compatible wireless adapter


Start your first capture

Select a wireless adapter

Run Capsa Enterprise as administrator. If nothing goes wrong, Capsa Enterprise recognizes your wireless adapter (figure below). Select the wireless adapter you want to use for wireless packet capture.

(Figure 1: select wireless adapter)

Note: If Capsa doesn’t recognize the wireless adapter, update the adapter’s driver. Find the model of the adapter and visit its manufacturer’s website to get the latest driver. Then run Capsa again; with luck, the adapter is now listed. If it is not, you can only try a different machine or another wireless adapter.

Select AP & enter encryption key

Next, select the AP you want to listen to. For the first try, it is best to select only one AP (figure below), even though Capsa is able to monitor multiple APs at the same time (note that multiple APs must work on the same channel).

(Figure 2: select AP to monitor)

If the selected AP has a little lock icon, it means this AP is transmitting encrypted data, i.e. WEP, WPA or WPA2. For an encrypted AP, you are required to enter the encryption key to proceed. Double-click the AP item, select Auto for the Encryption Type, check ASCII, and then enter the key. Click OK to go back.

(Figure 3: configure encryption key)

Note: Please make sure the key entered is correct, or you won't get any useful statistics from the interface.

Select Network Profile & Analysis Profile

For the first capture, you can leave these two settings at their defaults: Network Profile – Network Profile 1 (1,000M) and Analysis Profile – Full Analysis.

Click Start button

Caution: Before clicking the Start button to start a capture, note that Capsa Enterprise will cut off your wireless connection, because the adapter will be put into promiscuous monitor mode, in which it only monitors traffic from the access point.

When you are ready, click the Start button. A capture is initiated right away, and you’ll see that the connection is down. If you need an Internet connection, you have no choice but to use another adapter.

(Figure 4: click Start button)

Reestablish connection (required only for WPA/WPA2)

Next, if the AP is using WPA or WPA2 encryption, you should disconnect all your hosts' connections and reconnect them (except the one with Capsa running), or simply restart the AP. Why? Because Capsa WiFi needs the 4-way handshake packets, which the host and the AP exchange when they first establish a connection, to work out the dynamic key used to decrypt the packets. Without these packets, Capsa Enterprise is unable to decrypt the data.
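Why the entered key alone is not enough, shown as an added Python illustration (not Colasoft code): the standard WPA/WPA2-PSK derivation, in which the data-encryption key depends on the two nonces exchanged in the 4-way handshake. The MAC addresses and nonces are constructed sample values; the passphrase/SSID pair is the published IEEE 802.11i test vector.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key: PRF-512 over the sorted MACs and sorted nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for counter in range(4):  # 4 x 20-byte HMAC-SHA1 outputs, truncated to 64 bytes
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]

def temporal_key(ptk: bytes) -> bytes:
    """Bytes 32..47 of the PTK are the key that protects unicast data frames."""
    return ptk[32:48]

# Constructed sample values (locally administered MACs, counting-pattern nonces).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE_1, SNONCE_1 = bytes(range(0, 32)), bytes(range(32, 64))
ANONCE_2, SNONCE_2 = bytes(range(64, 96)), bytes(range(96, 128))

def demo():
    """Same passphrase and SSID, two associations: the PMK is shared, the TKs differ."""
    pmk = derive_pmk("password", "IEEE")  # IEEE 802.11i test vector input
    tk1 = temporal_key(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE_1, SNONCE_1))
    tk2 = temporal_key(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE_2, SNONCE_2))
    return pmk, tk1, tk2

if __name__ == "__main__":
    pmk, tk1, tk2 = demo()
    print("PMK          :", pmk.hex())
    print("TK, session 1:", tk1.hex())
    print("TK, session 2:", tk2.hex())
```

A capture that starts after a host has already associated never sees that host's nonces, which is why reconnecting the hosts or restarting the AP is required.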

For more questions, please visit Capsa WiFi FAQ: http://www.colasoft.com/support/capsa-for-wifi-faq.php

Last Updated on Thursday, 29 November 2012 07:20  
