Wednesday, February 27, 2013

Sniffing through Multiple Interfaces


  • Sniffing Wireless in Windows
  • Sniffing Wireless in Linux
  • Sniffing through Multiple Interfaces
  • Monitor Vs. Promiscuous Mode (Coming Soon)
  • Automate Sniffing Process (Coming Soon)

  • Most tools provide a feature called "channel hopping", in which a single adapter switches between frequencies while sniffing, and all the packets are shown in a single display window for analysis. But during channel hopping we often lose packets that are important for analysis, so it is not very useful. The only place it is useful is the "scanning" process, where we can get a list of the STAs/APs in the surrounding area.

    The main use case for sniffing through multiple interfaces is roaming: when a STA roams from one AP to another and the APs are on different channels, it is difficult to test roaming functionality/performance without seeing packets from all channels together. The tools below provide this facility.


    Omnipeek
    It provides a plugin called "multi-channel aggregator", which aggregates packets from multiple NICs operating on different channels into a single display window, making packet analysis easier.

    Linux

    From Wireshark version 1.8.0 we can capture from multiple interfaces simultaneously; it aggregates them and shows them in a single instance and in a single list. Pretty useful for multi-channel roaming.
    Before Wireshark 1.8.0 we needed to bond the 2 adapters together and then use them as a single adapter for sniffing.
    A nice picture from Omnipeek explains this.
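
As an added example (not from the original post): a small POSIX shell helper that pins each adapter to its own channel and then starts one multi-interface capture with tshark, the command-line capture tool shipped with Wireshark. The interface names, channel numbers, output file name, the `multichan_capture` and `run` helpers and the use of monitor mode are assumptions; set `DRY_RUN=1` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example: one capture across several adapters, each fixed on one channel.
# Usage (as root): multichan_capture roam.pcapng wlan0:1 wlan1:6
# wlan0/wlan1 and channels 1/6 are placeholder values for two APs in a roam test.

# Run a command, or only print it when DRY_RUN is set (lets you review first).
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

multichan_capture() {
    out=$1; shift
    ifargs=""
    for pair in "$@"; do
        ifc=${pair%%:*}     # text before the colon: interface name
        ch=${pair##*:}      # text after the colon: channel number
        # Reject a missing or non-numeric channel before touching any adapter.
        case $ch in
            ''|*[!0-9]*) echo "bad channel in '$pair'" >&2; return 2 ;;
        esac
        # Assumption: the adapters are used in monitor mode, so the interface
        # is taken down, switched to monitor type and brought back up.
        run ip link set "$ifc" down        || return 1
        run iw dev "$ifc" set type monitor || return 1
        run ip link set "$ifc" up          || return 1
        # Fix the adapter on its channel; no hopping, so no frames are skipped.
        run iw dev "$ifc" set channel "$ch" || return 1
        ifargs="$ifargs -i $ifc"
    done
    # Wireshark/tshark 1.8.0 and later accept -i more than once and merge the
    # frames from every interface into one capture.
    # $ifargs is intentionally unquoted so each "-i name" becomes two arguments.
    run tshark $ifargs -w "$out"
}
```

With more than one `-i`, the capture is written as pcapng, which records the interface each frame arrived on, so frames from the old and the new channel can still be told apart in the merged list.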


