This project has been deprecated and it's been replaced by wlan-extcap.

---

wlanpi-extcap

Wireshark extcap interface for the WLAN Pi. It allows you to perform live remote captures on a specific channel using the WLAN Pi's Wi-Fi adapter.

This extcap interface is basically a wrapper for sshdump that includes an option to choose the channel we want to capture on. It also simplifies the configuration of the extcap interface so that the user doesn't deal with remote capture commands, etc.

Requirements

WLAN Pi

• Requires WLAN Pi 1.8.1 or newer.

macOS

• Everything needed is already installed.

Windows

• Python.
• The wlanpidump extcap interface requires the sshdump extcap interface, which is not installed by default on Windows. When installing Wireshark on Windows, select SSHdump as one of the components to install:

Setup

WLAN Pi:

If you're running WLAN Pi 1.8.2 or newer, there's nothing to setup. Otherwise, create the file /etc/sudoers.d/wlanpidump with the following content:

wlanpi ALL = (root) NOPASSWD: /sbin/iwconfig, /usr/sbin/iw

Note: This is required so that the extcap interface can put the Wi-Fi adapter into monitor mode and change the channel before starting the capture.

If you're running Wireshark on macOS:

1. Copy wlanpidump to /Applications/Wireshark.app/Contents/MacOS/extcap/
2. Make sure it has execution permissions:

chmod +x /Applications/Wireshark.app/Contents/MacOS/extcap/wlanpidump

If you're running Wireshark on Windows:

1. Copy wlanpidump to C:\Program Files\Wireshark\extcap\
2. Create a file called wlanpidump.bat in the same C:\Program Files\Wireshark\extcap\ directory with the following content:

@echo off
<PATH_TO_PYTHON_INTERPRETER> <PATH_TO_WLANPIDUMP> %*

Where <PATH_TO_PYTHON_INTERPRETER> is the path to the Python executable and <PATH_TO_WLANPIDUMP> is the path to the wlanpidump extcap interface script. For example:

@echo off
"C:\Program Files (x86)\Python37-32\python.exe" "C:\Program Files\Wireshark\extcap\wlanpidump" %*

Now launch Wireshark and verify that WLAN Pi remote capture is listed as an extcap interface:

Note: You will have to repeat the setup of the wlanpidump extcap interface on your computer each time you update Wireshark. The Wireshark installer doesn't preserve 3rd-party extcap interfaces added to the extcap folder.

Usage

1. Click the gear icon next to "WLAN Pi remote capture" to display the interface options, then choose the channel (and channel width) you want to capture on:

Note: All 802.11 channels are listed, however, the Wi-Fi adapter on the WLAN Pi may support only a subset of them. If you choose a channel that is not supported by the Wi-Fi adapter or a channel width that doesn't apply to the selected channel, the capture will fail.

2. Go to the Server tab and enter the WLAN Pi SSH address, e.g. 192.168.42.1.

3. Go to the Authentication tab and enter the username and password.

Note: The password is not saved, so to avoid having to enter the password each time you start a capture, I would recommend you setup passwordless SSH authentication.

4. Click the Start button to start the capture.