Packet Capture with your Sidekick

I’m not talking about figuring out what’s going on with your customer’s WLAN with Robin or Hutch. I’m talking about using the “Swiss Army Knife” of Wifi, the Ekahau Sidekick. Before I dive in, let it be known that in no way is this a paid endorsement or am I affiliated with Ekahau in any way. It’s an informative post of what you can do with this device.

This post will focus on the ability to do packet capture with the Ekahau Sidekick, along with Ekahau Capture.

Packet Capture

To start a packet capture with Ekahau Capture (assuming you have correct licensing and cloud account setup), first fire up your Sidekick. Once that boots up, start the Capture program. This will bring you to the screen where you can set up your channels and other options.

Make sure to select the channels you are looking to capture data on. If you want to capture packets across all channels on both bands, just click “All” in each section. The beauty of using the Sidekick is that there are two radios that it will use for capturing. Next, you can select “Options” to choose where you would like to save your captures, as well as set the channel dwell time.

Once you make your selections, click “Capture” and watch the lower left of the Capture screen to see how much data you are capturing.

Once you have the amount of data you require, you can stop the capture and close out of the program. Ekahau Capture creates a “.pcap” file which can be opened in your favorite packet analysis tool, like Wireshark or WiFi Explorer Pro (a tool no wireless engineer should go without).

I am no guru of packet analysis, but once you load the “.pcap” file into your tool of choice, you can start to do some basic packet analysis. For example, you can take a look at beacon frames on both the 2.4GHz and 5GHz bands.

In the beacon frame, you can see that the frame type is a Management frame. Aside from the heading saying it is a beacon frame, you can tell by the RA and DA that this frame is being broadcast and which BSSID it is coming from.

Next you can take a look at the radio information.

From this information you can see the PHY type, data rate, channel/frequency, and reported RSSI level.

Finally you can take a look at the Wireless LAN information, which will show you parameters of the WLAN like SSID, supported data rates, .11n and .11ac (5GHz only) capabilities, and security type, to name a few.

Drilling down on each tag will show more detail for each parameter. For example, you can see from below that this SSID is using WPA2-Personal with a Pre-Shared Key for authentication.

Or from this 5GHz packet, you can see the channel width and MCS supported rates along with spatial streams supported in the VHT capabilities tag.
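The fields read off the beacon above (broadcast DA, BSSID, the SSID tag, and the RSN tag that shows WPA2-Personal with a PSK) can also be extracted in code, which helps when auditing many captured beacons. This is an added example, not from the original post or from Ekahau; it assumes the radiotap header and FCS have already been stripped, and the sample frame, SSID and BSSID are constructed.

```python
import struct
OUI_IEEE = b"\x00\x0f\xac"                   # OUI used by standard 802.11 suites
AKM = {1: "802.1X", 2: "PSK", 8: "SAE"}      # AKM suite type -> name
CIPHER = {2: "TKIP", 4: "CCMP-128"}          # cipher suite type -> name

def _name(suite, table):
    known = suite[:3] == OUI_IEEE            # standard suite vs vendor-specific
    return table.get(suite[3], f"type-{suite[3]}") if known else "vendor:" + suite.hex()

def parse_rsn(body):
    """RSN element (tag 48): version, group cipher, pairwise list, AKM list."""
    def suites(off):
        (count,) = struct.unpack_from("<H", body, off)
        return struct.unpack_from("4s" * count, body, off + 2), off + 2 + 4 * count
    try:
        (group,) = struct.unpack_from("4s", body, 2)
        pairwise, off = suites(6)
        akms, _ = suites(off)
    except struct.error:
        return None                          # truncated or malformed element
    return {"group": _name(group, CIPHER),
            "pairwise": [_name(s, CIPHER) for s in pairwise],
            "akm": [_name(s, AKM) for s in akms]}

def parse_beacon(frame):
    """Parse one beacon; assumes radiotap header and FCS are already removed."""
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon (management type 0, subtype 8)")
    info = {"da": frame[4:10].hex(":"), "bssid": frame[16:22].hex(":"),
            "ssid": None, "rsn": None}
    pos = 24 + 12                            # MAC header + fixed parameters
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break                            # element runs past end of frame
        if tag == 0:
            info["ssid"] = body.decode("utf-8", "replace")
        elif tag == 48:
            info["rsn"] = parse_rsn(body)
        pos += 2 + length
    return info

# Constructed sample beacon (not from a real capture): WPA2-Personal, CCMP.
# bytes(10) below is the sequence control (2 bytes) plus the timestamp (8 bytes).
SAMPLE = (b"\x80\x00\x00\x00" + b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" * 2
          + bytes(10) + b"\x64\x00\x11\x04" + b"\x00\x08Lab-WLAN" + b"\x03\x01\x06"
          + b"\x30\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04"
          + b"\x01\x00\x00\x0f\xac\x02\x00\x00")
```

Calling `parse_beacon(SAMPLE)` returns the broadcast DA, the BSSID, the SSID and an `rsn` dictionary whose `akm` list is `["PSK"]`, the same WPA2-Personal indication Wireshark shows under the RSN tag.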

There is a lot more that you can analyze when troubleshooting, but I wanted to focus on the fact that you are able to capture this information from the Sidekick, with ease. Gone are the days of having to buy a separate USB dongle, and making sure it is configured for promiscuous mode so you could capture packets on all channels.
