Why do I use multiple adapters to capture wireless traffic?
I must love all the crazy questions and looks I get when I walk done the hall with my tray, laptop and 8 adapters sticking out of it. Most of the times people say the same thing.
Either "I thought you were gonna play me a song with that thing" or if they want to show their age they will say "You look like the lady in the club selling cigarettes" to which I always say " I don't have the legs for it"
This begs the question Why don't I use the Sidekick for this? I like most Wireless Engineers like to have multiple tools at my disposal. l find Omnipeek with multiple adapters is the best tool for this job.
When I do a wireless capture, I need to see all the data between the devices and APs. The only way to do this is to dedicate each adapter to a single channel. The data I am looking for are the beacon traffic, all the management traffic, probe requests, and probe responses, and when the devices do, roam I want to capture the authentication request, authentication response, the reassociation request, and reassociation response, any EAP exchange, and the entire 4-way handshake.
The only way I can see all this data is to scan the eight of the strongest channels in the area.
In my presentation I will go through how I use Omnipeek and Wireshark to capture and analyze the data.