|
|
 |
A.
AirPcap is an adapter that captures all or a filtered set of WLAN frames and delivers the data to the Wireshark platform. Once AirPcap is installed, Wireshark displays a special toolbar that provides direct control of the AirPcap adapter during wireless data capture.
The Wireshark UI is then employed to perform network and data analysis on the packets derived from an AirPcap capture session.
AirPcap is also the name of a family of products that includes AirPcap Classic, AirPcap Tx, AirPcap Ex and AirPcap N. This product family represents the first open, affordable, and easy-to-deploy 802.11 WLAN packet capture solutions for the Windows platform. The various members of the AirPcap family + Wireshark provide information about wireless protocols and radio signals, enabling you to capture and analyze low-level 802.11a/b/g/n wireless traffic, including control frames, management frames, and power information.
Q.
What are the differences between each of your AirPcap versions?
A.
In addition to all of the packet capture features and functionality of AirPcap Classic, AirPcap Tx and AirPcap Ex support packet injection. This ability to transmit raw 802.11 frames is an invaluable aid in assessing the security of your wireless network. Several security tools, including Cain & Abel and Aircrack-ng, can use the AirPcap Tx adapter transmit features for advanced penetration testing.
AirPcap Ex is a new AirPcap family member that includes a USB-based 802.11 a/b/g adapter with an external antenna connector. AirPcap Ex provides packet transmission capabilities, multi-channel monitoring and aggregation, on-board microsecond timestamping precision, and more.
AirPcap N is the first solution to capture, decode, and visualize 802.11n protocol traffic from any laptop or desktop PC.
Q.
How is AirPcap different from other WLAN packet capture tools?
A.
Most WLAN packet analyzers provide proprietary drivers that are based on driver source code provided by Broadcom, Atheros, and other wireless chip manufacturers. AirPcap provides its own promiscuous driver that operates independently from on-board NICs and their drivers, allowing AirPcap to work with the broadest range of laptops and desktop PCs possible.
No other products provide 802.11 capture and transmission in a small package that can be easily moved between workstations.
In addition, AirPcap is the only solution on the market that easily enables capturing packets from multiple 802.11 channels by simply plugging more than one USB adapter into a laptop or desktop PC.
Q.
Which AirPcap versions provide support for multi-channel monitoring and aggregation?
A.
AirPcap Classic, AirPcap Tx, and AirPcap Ex all support multi-channel monitoring and
aggregation. AirPcap N does not currently support this functionality and there are no
immediate development plans to add this capability to the product.
Q.
I have a primary requirement to attach an external antenna for my WLAN analysis. Do you have any options?
A.
AirPcap Ex is a wireless USB adapter with an external antenna connector, and comes with a cable and antenna. Please contact us directly if you need an 802.11n adapter that supports external antennae.
Q.
Do you provide support for 802.11a?
A.
Both AirPcap Ex and AirPcap N provide support for 802.11a packet capture and analysis.
Q.
On which form factors is AirPcap N available?
A.
CardBus 32 bit, mini-PCI, and mini-PCIe.
Q.
Will you provide a USB adapter-supported version of AirPcap N?
A.
Our plan is to deliver a USB version of AirPcap N that supports a/b/g/n. Our ability to do this, however, depends on several factors, including availability of the device.
Q.
Does AirPcap offer on-board timestamping in microseconds?
A.
AirPcap Ex and AirPcap N provide support for hardware timestamping with microsecond precision.
Q.
Is there a way to see the keys derived from the various EAPOL handshakes as long as the pass phrases and full exchange are present?
A.
WPA temporal keys (PTK and GTK) are not displayed by Wireshark. Pairwise keys are derived but not displayed, and group keys are not, as yet, derived.
Q.
I’m using a laptop with a built-in adapter. Do you have a version of AirPcap that will support built-in adapters?
A.
No, and most people like it that way. Really! AirPcap Classic, Tx, and Ex are USB adapters, which leaves you free to you to use your built-in adapter for normal network operations while simultaneously using your AirPcap adapter for analysis. This is much more convenient and flexible than trying to use a single adapter for everything.
Q.
I purchased an AirPcap adapter a few weeks ago and have now discovered
that you have released a cool new adapter, that supports more features. I covet this new adapter. Is there a driver upgrade that I can purchase to add the packet transmission feature to my existing AirPcap adapter? If not, how can I go about getting the new features without buying a whole new adapter?
A.
Upgrading from one AirPcap adapter to another requires replacing the entire adapter.
If you would like to upgrade, you can do so by paying the difference in price between the two products along with any shipping fees. Please contact info@cacetech.com for more information.
Q.
Do you have a version of AirPcap that runs on Linux, OS X, FreeBSD, VMS, or OS/2?
A.
AirPcap runs on the following platforms:
- Windows 2000
- Windows XP (service pack 2, 32 or 64 bit)
- Windows 2003 (32 or 64 bit)
- Windows Vista (32 or 64 bit)
There are no plans to port AirPcap to other platforms at this time.
Q.
I see that you proivde packet-transmission and 11a support in AirPcap Ex. Does the packet transmission include custom crafted packets, or is it just playing back .cap streams?
A.
For the moment, our solution allows you to create custom packets that can then be sent over the air. We don't have replay capabilities yet. The packets are sent one at a time, but the API gives you the flexibility to send pretty much any way you like.
Q.
Can AirPcap sniff multiple channels at one time and debug WPA/WPA2 data?
A.
Our AirPcap Classic 3-Pack and AirPcap Ex 3-pack can capture traffic from 3 channels at the same time, and aggregate it in a single capture. WPA and WPA2 can be decrypted and analyzed using the Wireshark network analyzer, included with the AirPcap product CD.
Q.
I am using Wireshark to do Ethernet packet analysis and would like to do wireless packet capture as well, Do I just need to buy AirPcap from your company and install it and Wireshark will be enabled to deliver wireless data automatically?
A.
That’s right. After installing our driver and plugging our adapter in the USB port, Wireshark, as
will start capturing wireless traffic.
Q.
Is the signal strength of the AirPcap Tx adapter adjustable?
A.
It's not. The Tx frequency and strength are very strictly regulated by the FCC. The signal strength is set to the maximum allowed by the ship-to country.
Q.
Can AirPcap Tx be set in totally passive mode?
A.
AirPcap Tx is totally passive unless you use a program that explicitly injects packets.
Q.
Does AirPcap Tx run under BartPE?
A.
We've never tested it under BartPE, but our understanding is that BartPE is just a stripped down version of Windows that runs from a CD. In that case, we can't see any reason why AirPcap shouldn't work with it. You probably want to include the AirPcap driver when you build the BartPE image to avoid installing it every time.
Q.
I'm interested in AirPcap but the PCs in my test lab do not have USB 2.0 ports Is 2.0 a hard or soft requirement?
A.
The AirPcap adapter works with USB 1.0 as well. However, since the bandwidth of USB 1.0 is very low, you might experience drops at high frame rates. AirPcap-N is available in CardBus, mini-PCI, and mini-PCIe if that works better for you.
|
|
