Wireless

 

Other tools are available:

MetaGeek inSSIDer, RF analyzer, Riverbed AirPcap, WiFi Scanner (Mac), iStumbler

To monitor all traffic in the air, you need to switch the Wireless NIC into monitor mode:

Preferences > Protocols > IEEE 802.11 > Decryption Keys: Edit

0 dBm = 1 milliwatt

Analyze the wireless beacon:

Layer 1 information:

Radiotap Header > SSI Signal, SSI Noise. The actual SSI signal is SSI Signal – SSI Noise.

If you want to add a column named SSI: right-click the SSI Signal field in the packet details > Apply as Column

IEEE 802.11 Beacon frame

BSSID = Source address

Beacon interval: if you have wireless VoIP devices, it's better to configure the interval lower than 100 ms, such as 50 ms.

Filter the frames by signal strength:

radiotap.dbm_antsignal < -65

  • Layer 2 info – 802.11
  • wlan.addr = MAC address

 

VoIP
Two phases of voice calls
Call setup
  • SIP, open standard, contains SDP
  • SCCP
Voice stream transfer
  • RTP, generally ports 8000-9000
  • RTCP
Where to place your tap
  • As close to the phone as possible
Statistics to detect packet loss
  • Telephony/RTP/Show All Streams
Jitter = variance
  • Anything above 20 ms is noticeable
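
To show how the two statistics above are derived, here is an added example (not from the original notes). It counts lost packets from RTP sequence-number gaps and computes jitter with the smoothed interarrival estimator defined in RFC 3550, then applies the 20 ms threshold. The 8 kHz clock, the 20 ms packet spacing, the sample stream and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

CLOCK_HZ = 8000         # assumption: 8 kHz RTP clock (e.g. G.711), 20 ms packets
JITTER_LIMIT_MS = 20.0  # "noticeable" threshold from the notes

@dataclass
class RtpPacket:
    arrival_s: float    # capture timestamp, seconds
    seq: int            # 16-bit RTP sequence number
    rtp_ts: int         # 32-bit RTP timestamp

def stream_stats(packets, clock_hz=CLOCK_HZ):
    """Loss and RFC 3550 interarrival jitter for one stream, in capture order."""
    jitter = max_jitter = 0.0               # in RTP timestamp units
    base = max_seq = packets[0].seq
    cycles, prev = 0, packets[0]
    for p in packets[1:]:
        # Track the extended highest sequence number across 16-bit wraparound.
        if p.seq < max_seq and max_seq - p.seq > 0x8000:
            cycles, max_seq = cycles + 0x10000, p.seq
        elif p.seq > max_seq and p.seq - max_seq < 0x8000:
            max_seq = p.seq
        # D = change in transit time between consecutive packets.
        sent = ((p.rtp_ts - prev.rtp_ts + 2**31) % 2**32) - 2**31
        d = (p.arrival_s - prev.arrival_s) * clock_hz - sent
        jitter += (abs(d) - jitter) / 16    # RFC 3550 smoothing, gain 1/16
        max_jitter = max(max_jitter, jitter)
        prev = p
    expected = cycles + max_seq - base + 1
    lost = max(0, expected - len(packets))
    max_ms = max_jitter / clock_hz * 1000
    return {"lost": lost, "loss_pct": 100 * lost / expected,
            "max_jitter_ms": max_ms, "noticeable": max_ms > JITTER_LIMIT_MS}

def constructed_stream(n=50, drop=(), stall_at=None, stall_s=0.0):
    """Constructed sample: n packets 20 ms apart, starting near the seq wrap."""
    out = []
    for i in range(n):
        if i in drop:
            continue
        late = stall_s if stall_at is not None and i >= stall_at else 0.0
        out.append(RtpPacket(i * 0.02 + late, (65530 + i) % 65536, i * 160))
    return out

if __name__ == "__main__":
    print(stream_stats(constructed_stream()))
    print(stream_stats(constructed_stream(drop={10, 11, 30}, stall_at=20, stall_s=0.4)))
```

A single 400 ms stall moves the smoothed jitter to only 25 ms because each sample contributes 1/16 of its deviation, so a stream that stays above 20 ms is seeing repeated delay variation, not one late packet.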