Full Frame Captures with Ekahau Sidekick 2

The Sidekick 2 from Ekahau allows you to perform packet captures leveraging the four built-in Wi-Fi NICs. The only way to configure and gather the captures is by using the Analyzer app, available on iOS. There is an Analyzer app for Android; however, packet capture is not supported on Android with version 1.3.0 or earlier.

In previous versions, frames were truncated during the capture process to preserve storage space. Wi-Fi header information was captured, but the payload from data frames was lost. This was not a problem when troubleshooting most Wi-Fi-specific issues, as the payload was typically encrypted, or should have been in any enterprise environment. Control and management frames were not truncated – meaning full beacon frames were captured. Data frames were truncated starting with the LLC layer.

Truncated frames in Wireshark

If one had access to the key, it could be added to Wireshark to decrypt payloads, allowing troubleshooting of various application-related issues. For this reason, packet wranglers have long desired the ability to enable full frame captures using the Sidekick 2. Recent versions of the Analyzer app have made this possible.

Truncation is enabled by default, but you can disable it within the app.

  1. Within Analyzer, tap the ‘Ekahau Sidekick’ configuration button in the upper right.
  2. Enable ‘Full frame capture’.

Once truncation is disabled, full frames are captured and can then be decrypted if required.

Enable full frame capture on SK2 via Analyzer App

Perform the capture as you have always done in the Analyzer app.

  1. Tap the ‘Packet Capture’ button.
  2. Choose up to four channels.
    1. You can mix the bands.
    2. Each channel is assigned to a WNIC. If only 2 channels are selected, only 2 WNICs capture traffic.
  3. Tap the ‘Capture’ button.
  4. Capture unbounded frames hurling through space-time.
  5. Tap the ‘Stop Capture’ button once the desired capture duration/size has been reached.
  6. Share the capture using one of the many available options.

Select packet capture

Select channels to capture

Decide when to stop PCAP

All that’s left to do now is some packet sleuthing in your favourite packet analyzer – Wireshark!

Full frame capture in Wireshark
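To check whether a shared capture really holds full data frames, the added example below (not from the original post or from Ekahau) counts sliced frames per 802.11 frame type. It assumes the export is a classic pcap with radiotap headers and that a truncated frame is recorded with a captured length shorter than its original length, neither of which the post confirms; `truncation_report` and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def truncation_report(pcap: bytes) -> dict:
    """Count total and sliced frames per 802.11 frame type in a classic pcap."""
    if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif pcap[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    linktype = struct.unpack_from(endian + "I", pcap, 20)[0] & 0xFFFF
    if linktype != 127:  # LINKTYPE_IEEE802_11_RADIOTAP (assumed export format)
        raise ValueError(f"unexpected link type {linktype}")
    total, sliced = Counter(), Counter()
    offset = 24  # first record follows the 24-byte global header
    while offset + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap, offset)
        frame = pcap[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 4:
            continue
        rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap is little-endian
        if rt_len >= len(frame):
            continue  # nothing left after the radiotap header
        kind = FRAME_TYPES[(frame[rt_len] >> 2) & 0x3]  # type bits of Frame Control
        total[kind] += 1
        if incl_len < orig_len:  # assumption: slicing shows up as incl_len < orig_len
            sliced[kind] += 1
    return {k: {"frames": total[k], "sliced": sliced[k]} for k in total}

def _record(frame: bytes, orig_len: int) -> bytes:
    return struct.pack("<IIII", 0, 0, len(frame), orig_len) + frame

# Constructed sample: one full beacon, one sliced and one full QoS data frame.
RADIOTAP = struct.pack("<BBHI", 0, 0, 8, 0)                # empty 8-byte radiotap header
BEACON = RADIOTAP + bytes([0x80, 0x00]) + bytes(34)        # management, subtype beacon
QOS_HDR = RADIOTAP + bytes([0x88, 0x41]) + bytes(24)       # 26-byte QoS data MAC header
SAMPLE = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    + _record(BEACON, len(BEACON))
    + _record(QOS_HDR, len(QOS_HDR) + 200)                 # cut off before the LLC layer
    + _record(QOS_HDR + bytes(200), len(QOS_HDR) + 200)    # full frame
)

if __name__ == "__main__":
    print(truncation_report(SAMPLE))
```

For a real export, pass the file contents instead of `SAMPLE`; a non-zero `sliced` count for `data` suggests the capture was taken with truncation still enabled.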

Slàinte!

Resources

Ekahau Sidekick 2

Ekahau Analyzer App (iOS) App Store

https://apps.apple.com/us/app/ekahau-analyzer/id1492115746

Ekahau Analyzer App (Android) Google Play Store

https://play.google.com/store/apps/details?id=com.ekahau.analyzer&hl=en&gl=US
