How to set up OmniPeek to analyze Phones on a WLAN

Blogger's stats are telling me that yesterday was the most-trafficked day in the history of this blog, and as much as I want to credit Titanic's 100 year anniversary, I have to think it is because of my most recent blog post. That post showed how I used WildPackets OmniPeek to analyze the damage that unassociated smartphones can do to a WLAN. This follow-up is just a quick tutorial on how I set OmniPeek up to do that analysis.


In order to follow the same steps I did to analyze smartphone activity on a WiFi channel, you'll need a licensed version of WildPackets OmniPeek (Basic, Professional or Enterprise will do) and an 802.11a/b/g/n WiFi adapter that is compatible with OmniPeek. I used OmniPeek Enterprise with a Cisco-Linksys WUSB600Nv1 adapter.

To start, insert the WiFi adapter (if necessary) and open OmniPeek. Click the New Capture button to bring up the Capture Options window. Next, click the 802.11 link on the left hand side of the screen and select the Scan radio button. (If the Scan button is grayed out, that means that OmniPeek is trying to capture with an adapter/driver combination that is unable to use monitor mode.) Then click two successive OK buttons in order to open an OmniPeek capture window that looks like this:



After you click the green Start Capture button, OmniPeek begins capturing frames, including those being sent from the smartphone you are trying to analyze.

To view the list of APs and stations near you (including the offending smartphone), click the WLAN link in the lower left-hand area of the OmniPeek capture window. If you are in an area with lots of WiFi, the WLAN screen may look sloppy, so you'll probably want to right-click on any AP or station and select Collapse all. Collapsing the information on the WLAN screen will give you something like this:


Once in the WLAN screen, click the [+] to the left of your WLAN and then click the [+] to the left of your AP. Those steps cause OmniPeek to show the list of stations that are associated to your AP, and it should look like this:


Once you are able to see a list of stations that are associated to your AP, the next step is to name your smartphone and create a filter. To name your smartphone, you will have to find the phone's MAC address. (iPhone MAC addresses are found via Settings -> General -> About.) Once you have the phone's MAC address, right-click the smartphone's MAC address and select Insert into name table. You will get this screen, where you can give your smartphone an OmniPeek nickname:


With the phone named, the next step is to create a filter that will allow you to see only the frames being sent or received by the smartphone. Right-click the smartphone in the WLAN screen and select Make filter. OmniPeek will default to giving you filter settings that allow you to capture only the frames that are being sent or received by your smartphone:


The final step in configuring OmniPeek to capture a single smartphone's WiFi frames is to enable the filter that you have created. To enable an OmniPeek filter, just navigate to the Filters screen on the left hand side of the screen and check the checkbox for the filter that you just created.
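What a per-station address filter like the one created above does to each captured frame, as an added example that is not part of the original post and is not OmniPeek's implementation. It assumes raw 802.11 frames with no radiotap header; the MAC addresses, helper names and sample frames are constructed for illustration.

```python
import struct

# Control subtypes that carry a transmitter address; CTS (12) and ACK (13) do not.
CTRL_WITH_TA = {8, 9, 10, 11, 14, 15}

def parse_mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes: %r" % text)
    return raw

def frame_addresses(frame):
    """Return (receiver, transmitter) of a raw 802.11 frame; transmitter may be None."""
    if len(frame) < 10:
        raise ValueError("shorter than the minimal 802.11 header")
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    has_ta = ftype != 1 or subtype in CTRL_WITH_TA
    transmitter = frame[10:16] if has_ta and len(frame) >= 16 else None
    return frame[4:10], transmitter

def filter_station(frames, station_text):
    """Indexes of the frames sent by, or addressed to, the station."""
    station = parse_mac(station_text)
    return [i for i, f in enumerate(frames) if station in frame_addresses(f)]

# Constructed sample data (locally administered MACs, hand-built headers).
PHONE, AP, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:02"
BCAST = b"\xff" * 6

def header(fc0, fc1, a1, a2=None, a3=None):
    """Build frame control + duration + addresses (+ sequence control)."""
    out = bytes([fc0, fc1, 0, 0]) + a1
    if a2 is not None:
        out += a2 + a3 + b"\x00\x00"
    return out

SAMPLE = [
    header(0x40, 0x00, BCAST, parse_mac(PHONE), BCAST),                  # probe request from phone
    header(0xD4, 0x00, parse_mac(PHONE)),                                # ACK to phone (no transmitter)
    header(0x80, 0x00, BCAST, parse_mac(AP), parse_mac(AP)),             # beacon from AP
    header(0x08, 0x01, parse_mac(AP), parse_mac(OTHER), parse_mac(AP)),  # data, other station to AP
]

if __name__ == "__main__":
    print(filter_station(SAMPLE, PHONE))  # -> [0, 1]
```

The ACK case is the one to watch: it carries only a receiver address, so a filter that matched on the transmitter field alone would miss acknowledgements sent to the phone.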


And that's it. If you have followed these steps, your WildPackets OmniPeek will be capturing only what your smartphone is sending or receiving. The only other tip I can give is that you can always clear out old information and get a fresh capture by clicking the red Stop Capture button and then re-clicking the green Start Capture button. I did that at one minute intervals in order to gather the information I used for the Phones on a WLAN blog post.


