Wireshark profiles to assist Wifi packet captures

By default, Wireshark displays its standard view. This default view is useful but is of little help for wireless analysis.

In wireless packet captures, having additional fields in view makes a huge difference to packet analysis. Seeing the frame type directly in the view is much easier than dissecting the packet and only then learning that it was a “Management frame”.

The initial task of dissecting, organizing and putting the data in the right view can be eliminated by using custom profiles.

The wireless config profile created by Ben is one such Wireshark profile.

This new profile view sets a firm ground for wireless packet analysis. It has predefined expressions and filters for beacon frames, probe requests and Assoc/Auth.

This customization was done on Kali Linux using Wireshark.

Step 1 – Extract files

Download the profile from this blog post and extract the files.

Step 2 – Path to configuration file in Wireshark

In Wireshark, go to Edit -> Configuration Profiles.

Check where profiles are loaded from.

In Kali Linux, profiles are loaded by default from

/root/.config/wireshark/profiles/

Copy all profile files, including the folder, to

/root/.config/wireshark/profiles/

Step 3 – Load new profile

Go to Edit -> Configuration Profiles and locate the new profile.

If the expressions are not loaded, you can create them manually using the “dfilter_buttons” files. These files are included in the profile.
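The copy in Step 2 and the “dfilter_buttons” check in Step 3 can also be done from a shell. This is an added example, not part of the original post or of the downloaded profile. The function names, the `PROFILES_DIR` variable and the one-quoted-entry-per-line layout of `dfilter_buttons` are assumptions of this example.

```shell
#!/bin/sh
# Added example: install an extracted Wireshark profile folder and check it.
# PROFILES_DIR defaults to the per-user location; for root on Kali this is
# /root/.config/wireshark/profiles/ as given in Step 2.
PROFILES_DIR="${PROFILES_DIR:-$HOME/.config/wireshark/profiles}"

# install_profile <extracted-profile-folder>
# Copies the whole folder (Step 2). Returns 1 if the source is not a
# directory, 2 if a profile with the same name already exists.
install_profile() {
    ip_src="${1%/}"
    ip_name="$(basename "$ip_src")"
    [ -d "$ip_src" ] || { echo "not a directory: $ip_src" >&2; return 1; }
    if [ -e "$PROFILES_DIR/$ip_name" ]; then
        echo "profile already exists: $PROFILES_DIR/$ip_name" >&2
        return 2
    fi
    # Downloaded files stay readable by the owning user only.
    mkdir -p "$PROFILES_DIR" &&
        cp -R "$ip_src" "$PROFILES_DIR/" &&
        chmod -R go-rwx "$PROFILES_DIR/$ip_name"
}

# list_profile_files <profile-name>
# Shows which configuration files the profile brings along, so it is clear
# which settings it replaces before it is selected in Wireshark.
list_profile_files() {
    (cd "$PROFILES_DIR/$1" 2>/dev/null && find . -type f | sed 's|^\./||' | sort)
}

# count_filter_buttons <profile-name>
# Prints the number of enabled filter buttons (Step 3 check).
# Assumption: each entry is one line of quoted, comma-separated fields
# whose first field is "TRUE" (shown) or "FALSE" (hidden).
count_filter_buttons() {
    cb_file="$PROFILES_DIR/$1/dfilter_buttons"
    [ -f "$cb_file" ] || { echo 0; return 1; }
    grep -c '^"TRUE"' "$cb_file" || true
}

# Usage: sh install_profile.sh /path/to/extracted/ProfileFolder
if [ -n "${1:-}" ]; then
    install_profile "$1" &&
        list_profile_files "$(basename "${1%/}")" &&
        echo "enabled filter buttons: $(count_filter_buttons "$(basename "${1%/}")")"
fi
```

A count of 0 means the buttons will not appear after the profile is selected, which is the case where the expressions have to be created manually.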

Without applying Wifi Profile

With Wifi Profile

References: https://www.airxperts.net/index.php/2018/07/10/improving-wireshark-for-wifi-packet-analysis/



— By Fabian Darius