802.11ac Packet-Analysis Finally Arrives

802.11ac Packet-Analysis Finally Arrives!

WildPackets Logo

At Wireless Tech Field Day 5 – we were privileged to be hosted by our friends at WildPackets. A year ago, we saw some of the first inklings of 802.11ac – the ideas on how to decode these new type frames were discussed, but the hardware that would allow this from a USB device wasn’t yet on the market.

Today, however, we not only had a demonstration of the first professional-grade packet analysis software doing 802.11ac decodes – but not from linking to an access point, but directly from a small USB 802.11ac Wi-Fi NIC!

Not only were we exposed to a demonstration, but each delegate was given the opportunity to try it themselves, on their own laptops. Since I’m a Mac user, I’ve grown accustom to running a Windows 7 Professional in a Virtual Machine. My software of choice for this is Parallels.

In order to do this feat – of decoding live 802.11ac without using an access point as the capture devices you’ll need a couple of items.

  1. Licensed copy of WildPacket’s OmniPeek software.
  2. OmniPeek’s latest code update – this includes the decodes and refreshed screens to include 802.11ac analysis.
  3. Linksys-Cisco AE6000 USB Wi-Fi NIC. This is using a Ralink chipset.
  4. A customized driver from WildPackets to help the Wi-Fi NIC go into ‘promiscuous-mode’ to allow it to capture packet traffic from devices other than itself.
  5. For Macintosh OS X users – you’ll also need to follow the specific driver installation steps listed below.

Linksys AE6000The Linksys/Cisco AE6000 is a USB 2.0 single spatial stream 802.11ac Wi-Fi NIC. So it’s not going to be able to give you everything at this point. But it will have the ability to decode 802.11ac or VHT frames. With the custom driver from WildPackets it can be placed in promiscuous mode and work with their packet capture software.


Now for the actual processes to get this to work on a Macintosh OS X – running Windows 7 Professional in a Parallels virtual machine.

  1. Open Parallels Windows 7 virtual machine
  2. Install WildPacket’s OmniPeek – including entering your registration informationInstall OmniPeek
  3. Insert Linksys AE6000 USB Wi-Fi NIC in your laptop
  4. Be sure to have Parallels assign this device to the Windows environment
  5. Go to Control Panel à Device Manager à Linksys AE6000
  6. Right Click on the icon for AE6000 that is currently unassigned as to device type (since no drivers have yet been loaded for it)
  7. Choose Update Driver Software
  8. Choose Browse My Computer for driver softwareChoose my computer for driver software
  9. Choose Let me pick from a list of device drivers on my computerLet me pick from a list of device drivers
  10. Do NOT allow the update driver software to try and install this automatically, you’re going to have to use this ‘I have a disk’ technique from Windows 98… I know, it’s quite old, but it still will work in this situation.
  11. Scroll down and select Ralink Technology, Inc. on the left
  12. Then scroll in the right side to the bottom of the list and choose WildPackets Wireless AdapterSelect Ralink
  13. Click Have Disk
  14. Browse to the location of the new custom driver for the Linksys AE6000
  15. This should be at least version of the custom WildPackets driver
  16. Wait while the driver is installed
  17. You should now see a WildPackets Wireless Adapter icon under Network Adapters in your Device ManagerDriver Success
  18. Open WildPackets OmniPeek
  19. Open a new capture and choose the new adapter you just installedOmniPeek Adapter Choice
  20. Set the 802.11 channel to a 5GHz frame on a channel where 802.11ac exists
  21. Start capturing 802.11ac Frames!OmniPeek Capturing

I know this seems like a long detailed process – but its really quite simple – the only real trick is to use the older-style way to do the ‘Have Disk’ option for driver installation. (Thanks to my friend Sam Clements for helping with this trick – you can find more from Sam at http://sc-wifi.com or on Twitter as @Samuel_Clements)

You too can now capture and decode 802.11ac frames directly on your laptop using a USB Wi-Fi NIC.

Thanks to the team at WildPackets for our session today, and especially to Jay Botelho for his expertise in packet analysis.