Share this page : facebooktwitterlinkedinmailfacebooktwitterlinkedinmail



Other tools are available,

Metageek Inssider,  RF analyzer, Riverbed AirPcap, wifi Scanner(MAC), iStumbler

To monitor all traffic in the air, you need to switch the Wireless NIC into monitor mode:

Preferences > Protocol > IEEE802.11 > Decryption Key: Edit


Analyze the wireless beacon:

Layer 1 information:

Radiotap Header > SSI signal,SSI Noise The actual SSI signal is SSI signal – SSI noise.

 If you want to add a column named SSI: right click the ssi signal in the packet info > Apply as Column


IEEE 802.11 Beacon frame

BSSID = Source address

Beacon interval: if you have VOIP wireless device, it’s better to configure the interval to lower than 100ms, like 50ms.

Filter the frames by signal strength:

radiotap.dbm_antsignal < -65

  • Layer 2 info – 802.11
  • wlan addr = MAC


Two phases of voice calls
Call setup
  • SIP, open standard, contains SDP
  • SCCP
Voice stream transfer
  • RTP generally ports 8000-9000
  • RTCP
Where to place your tap
  • Closest to the phone as possible
Statistics to detect packet loss
  • Telephony/RTP/Show All Streams
Jitter = variance
  • Anything above 20ms is noticable