WiFi Air Sniffer

Source: Internet | Published: mac apache link php7 | Editor: Programming Blog Network (程序博客网) | Time: 2024/04/29 23:31

1. Install the AirPcap dongle driver
 After installation, check Device Manager:
 Packet Capture devices - AirPcap USB Wireless Capture Adapter (or similar)

 
2. Run Wireshark (current version v1.10.6)
  Click the icon menu "Show the capture options" (or menu: Capture: Options)
  Check the AirPcap driver
  Double-click it to show "Edit Interface Settings"
  Check "Capture packets in promiscuous mode"
  Click "Wireless Settings"
  Set Channel (same as the AP setting, for example 2412 BG11), Offset (0), Capture type (802.11+Radio)
  Click "Start" to capture packets, click "Stop" to stop capturing

 
3. Search all packets related to one AP/STA
   wlan.addr == **:**:**:**:**:**
  


4. Display filters

ip.src==*.*.*.*
ip.dst==*.*.*.*
http.request.method=="POST"
tcp.srcport==80

wlan.addr == **:**:**:**:**:**
wlan.fc.type == 0                  management frame
wlan.fc.type == 1                  control frame
wlan.fc.type == 2                  data frame
wlan.fc.type_subtype == 0x24       Null data
wlan.fc.type_subtype == 0x28       QoS data frame
wlan.fc.type_subtype == 0x00       Association request
wlan.fc.type_subtype == 0x01       Association response
wlan.fc.type_subtype == 0x04       Probe request
wlan.fc.type_subtype == 0x05       Probe response
wlan.fc.type_subtype == 0x08       Beacon
wlan.fc.type_subtype == 0x0B       Authentication
wlan.fc.type_subtype == 0x1B       Request to send
wlan.fc.type_subtype == 0x1C       Clear to send
wlan.fc.type_subtype == 0x1D       ACK
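
The type_subtype values above are consistent with (type << 4) | subtype taken from the first Frame Control byte. The following is an added example, not part of the original post: it decodes a radiotap + 802.11 packet (capture type 802.11+Radio) and reproduces the type, type_subtype and wlan.addr checks. The function names, sample packets and MAC addresses are constructed for illustration.

```python
import struct

# Names for the wlan.fc.type_subtype values in the filter list above.
NAMES = {0x00: "Association request", 0x01: "Association response",
         0x04: "Probe request", 0x05: "Probe response", 0x08: "Beacon",
         0x0B: "Authentication", 0x1B: "Request to send",
         0x1C: "Clear to send", 0x1D: "ACK", 0x24: "Null data",
         0x28: "QoS data"}
TYPES = {0: "management", 1: "control", 2: "data"}

def classify(packet):
    """Decode one radiotap + 802.11 packet into the fields the filters test."""
    if len(packet) < 8:
        raise ValueError("too short for a radiotap header")
    # Radiotap header: version(1) pad(1) length(2, little endian) present(4)
    rt_len = struct.unpack_from("<H", packet, 2)[0]
    dot11 = packet[rt_len:]
    if rt_len < 8 or len(dot11) < 10:
        raise ValueError("bad radiotap length or truncated 802.11 header")
    # Frame Control byte 0: bits 0-1 version, bits 2-3 type, bits 4-7 subtype
    ftype, subtype = (dot11[0] >> 2) & 0x3, (dot11[0] >> 4) & 0xF
    type_subtype = (ftype << 4) | subtype  # matches the values listed above
    # CTS (12) and ACK (13) carry only a receiver address. Other control
    # frames are treated as two-address (simplification); management and
    # data frames carry three (a fourth WDS address is ignored here).
    if ftype == 1:
        n_addr = 1 if subtype in (12, 13) else 2
    else:
        n_addr = 3
    addrs = []
    for i in range(n_addr):
        raw = dot11[4 + 6 * i:10 + 6 * i]
        if len(raw) == 6:
            addrs.append(":".join(f"{b:02x}" for b in raw))
    return {"type": TYPES.get(ftype, "other"), "type_subtype": type_subtype,
            "name": NAMES.get(type_subtype, "other"), "addrs": addrs}

def matches_wlan_addr(info, mac):
    """Like wlan.addr == mac: true if any address field equals mac."""
    return mac.lower() in info["addrs"]

# Constructed sample packets (minimal 8-byte radiotap header, made-up MACs).
RADIOTAP = bytes.fromhex("0000080000000000")
AP, STA = "020000000001", "020000000002"
BEACON = RADIOTAP + bytes.fromhex("80000000" + "ffffffffffff" + AP + AP + "1000")
ACK = RADIOTAP + bytes.fromhex("d4000000" + STA)
QOS_DATA = RADIOTAP + bytes.fromhex("88012c00" + AP + STA + AP + "00000000")

if __name__ == "__main__":
    for pkt in (BEACON, ACK, QOS_DATA):
        print(classify(pkt))
```

Because an ACK carries only the receiver address, a wlan.addr filter on the AP will not show the ACKs the AP sends to a station; filter on the station address as well to see both directions.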

