Reading a book on Wireless LANs is a good way to get started on how data is transmitted over a Wireless LAN network. At some point, however, it’s time to get some first-hand experience and use a network tracer to see what’s going on. For fixed Ethernet networks, a program such as Wireshark is an easy and free tool to get you started. Under Linux, it can also be used to trace Wireless LAN layer 2 packets with the help of some tricks as described on the Wireshark Wiki. On Windows XP, however, things are somewhat more tricky. This is due to the proprietary nature of most WLAN network drivers, which simply cannot be tweaked to forward layer 2 packets to Wireshark. It seems that for Windows users, there are nevertheless three possibilities to get the packets to a network analyzer program.
Option 1: CACE Technologies offers a WLAN USB stick and network driver (AirPcap) for Wireshark for Windows. The bundle costs $198. Downside: Only WEP decryption is supported. This is quite unfortunate, as many networks use WPA or WPA2 today, and it very much reduces its usefulness in today’s wireless environments.
Option 2: The second option is a cool piece of software called AiroPeek by WildPackets. It far exceeds the functionality and user interface of Wireshark and supports a wide range of different wireless LAN adapters. According to the FAQ, AiroPeek also supports WPA decryption. There is no WPA2 decryption as of yet. The downside in this case is the price. Plan to spend around $2000 for the entry version. Hardly a price for the home user.
Option 3: With a bit of work, it is possible to use a number of Linksys access point models (e.g. the WRT54) for Wireless LAN tracing. For details, take a look here. The big advantage: The access point is around $50, and the tracing software (OpenWRT and Kismet) is free.
Wireshark now also supports WPA decryption, so this MIGHT include support for AirPcap as well. Take a look here: http://wiki.wireshark.org/HowToDecrypt802.11