From Allegro Network Multimeter Manual
Jump to navigation Jump to search

The WiFi settings page contains the configuration for the WiFi monitoring feature and the WiFi decryption feature.

WiFi interfaces

Here the connected WiFi monitoring devices can be configured.

Above the table there is a Country dropdown menu where the correct country of operation can be set. This has a regulatory purpose and affects which channels are available for monitoring.

In the table below, each attached WiFi monitoring device is listed along with it's configuration:

  • Device: the name with which the device identifies itself. This is not unique but multiple devices with the same name keep a stable order in the list.
  • Enable WiFi monitoring: controls if the device should be used to monitor WiFi traffic.
  • Channel: selects the frequency on which the device should monitor.
  • Mode: selects the WiFi channel mode to be used for monitoring. This depends on the configuration of the WiFi that should be monitored. As a rule of thumb for modern WiFi networks the settings HT40+ and HT40- are the most likely for channels in the 2.4GHz range and 80MHz is the most common for channels in the 5GHz range.
  • Scan: this button starts a scan for WiFi networks on the respective device. The result of the scan is shown at the bottom of the page after a few seconds. WiFi monitoring will be interrupted on the device for a few seconds and will automatically resume when the scan is done.

WiFi scan results

When a WiFi scan has been performed the scan results will be shown in a table at the bottom of the page. The table shows the SSID (if available), the BSS, channel and frequency information and signal strength for each WiFi network. A link to the raw scan output for each network is also provided. This contains a lot of additional information about the settings of the WiFi network.

WiFi decryption

In this tab the SSIDs and their associated PSKs (Pre Shared Key) are configured for WiFi decryption. For WiFi networks that use WPA2-PSK the traffic of a client can be decrypted if the PSK is know at handshake time.

This works for live WiFi monitoring and PCAP analysis of WiFi traffic.

If traffic can be decrypted the packets are converted into Ethernet packets with the appropriate source and destination MAC addresses. These Ethernet packets are then analyzed and potentially captured by the system just like regular Ethernet packets from a wired network interface.