Tracking 802.11 Frames in Ethereal

Use Ethereal to track wireless frame data it normally can’t capture.

In addition to capturing Layer 2 (and greater) traffic on its own, Ethereal can open dump files saved by other tools that incorporate additional data, such as Kismet [Hack #31] or KisMAC [Hack #24]. Recent versions of Ethereal will happily display all 802.11 frame data that these passive monitoring tools can capture (Figure 3-38). This allows you to watch the behavior of devices at the 802.11 protocol layer, which can give you valuable insight into what is actually happening on your wireless network. Keep in mind that Kismet and KisMAC will capture all 802.11 traffic they hear, including data for networks you might not be interested in. This is especially true if you capture data while the tools are scanning all available channels.


Figure 3-38. Ethereal can display 802.11 frames captured by other programs.

To focus on a particular access point, use a display filter on your data. The simplest way to create a filter from scratch is to build it interactively using the filter editor. At the bottom of the screen, click the Filter: button. Next, click Add Expression, which opens the filter editor. In the Field name pane, select the field you are interested in. Since we are after the BSS ID of an AP, select IEEE 802.11 BSS Id. Click == as the Relation, and enter the MAC address ...
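The following added example (not from the book or from Ethereal) shows what a BSS Id filter has to do with a dump file: work out which address field holds the BSSID from the frame type and the ToDS/FromDS bits, then keep only the frames for one AP. It assumes a classic pcap file with link type 105 (bare 802.11 headers, no radiotap or Prism header); the MAC addresses and the sample capture are constructed, and the function names are hypothetical.

```python
import struct
LINKTYPE_IEEE802_11 = 105  # assumed pcap link type: bare 802.11 headers

def bssid_of(frame):
    """BSSID of a management or data frame as aa:bb:..., else None."""
    if len(frame) < 24:                      # control frames (ACK, CTS) are shorter
        return None
    ftype = (frame[0] >> 2) & 0x3            # 0 = management, 1 = control, 2 = data
    to_ds, from_ds = frame[1] & 0x01, frame[1] & 0x02
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0:
        raw = a3                             # management frames: address 3
    elif ftype == 2 and not (to_ds and from_ds):
        raw = a1 if to_ds else a2 if from_ds else a3
    else:
        return None                          # control or 4-address (WDS) frame
    return ":".join(f"{b:02x}" for b in raw)

def read_pcap(data):  # yield raw frames from a classic pcap byte string
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_IEEE802_11:
        raise ValueError("capture does not carry bare 802.11 headers")
    off = 24                                 # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def filter_bssid(pcap_bytes, bssid):  # frames belonging to one AP
    return [f for f in read_pcap(pcap_bytes) if bssid_of(f) == bssid.lower()]

# --- constructed sample capture (all addresses are made up) ---
AP_A, AP_B, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "02:00:00:00:00:01"
def mk_frame(fc0, fc1, a1, a2, a3):
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (a1, a2, a3))
    return bytes([fc0, fc1, 0, 0]) + addrs + b"\x00\x00"

def sample_pcap():
    frames = [
        mk_frame(0x80, 0x00, "ff:ff:ff:ff:ff:ff", AP_A, AP_A),  # beacon from AP_A
        mk_frame(0x80, 0x00, "ff:ff:ff:ff:ff:ff", AP_B, AP_B),  # beacon from AP_B
        mk_frame(0x08, 0x01, AP_A, STA, "ff:ff:ff:ff:ff:ff"),   # data, station -> AP_A
        mk_frame(0x08, 0x02, STA, AP_B, AP_B),                  # data, AP_B -> station
        bytes.fromhex("d4000000") + bytes(6),                   # ACK (control frame)
    ]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Control frames such as ACKs carry no BSSID field, so a capture filtered this way shows an AP's beacons and data but not the acknowledgements around them.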
