16 AirPcap User’s Guide
• Decryption mode: can be one of the following:
o None: no decryption is performed, neither at the driver
level nor in Wireshark.
o Wireshark: the driver doesn’t perform any decryption of
the captured packets, and they are decrypted by
Wireshark while displaying them. This has the advantage
of minimizing the CPU load during the capture process.
Moreover, the driver doesn’t manipulate the packets, so
the captured data is a precise picture of the network
traffic. However, capture filters (also known as BPF
filters) on TCP/IP fields or packet payloads will not work,
because the filter is applied to packets that are still
encrypted.
Since this kind of decryption is done by the analyzer,
when you turn it on or off, you will see the changes
immediately reflected in the Wireshark window.
o Driver: the packets are decrypted by the driver before
reaching Wireshark. This option has two advantages:
capture filters on TCP/IP fields or packet payloads will
work, and network traffic logged to disk will be
unencrypted, which makes it easier for third-party
applications to understand it. Since this kind of
decryption is done during the capture, the changes you
make will be effective starting with the next capture.
• Wireless Settings: this button opens the Wireless Settings dialog
for the currently-selected AirPcap adapter. See the next section for
details.
• Decryption Keys: this button opens the Decryption Keys
Management dialog. See the “Decryption Keys Management
Dialog” section below for details.
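The following added example (not part of the AirPcap guide or its software) shows why a capture filter on TCP/IP fields only matches when the driver has already decrypted the frame: a filter reading raw bytes finds the LLC/SNAP, IP and TCP headers in a cleartext data frame but not behind the Protected Frame flag. It assumes bare 802.11 frames with no radio header or FCS; the function names and both sample frames are constructed for illustration.

```python
import hashlib
import struct

PROTECTED = 0x40                      # Protected Frame flag, Frame Control byte 1
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")

def header_len(frame):
    """Length of an 802.11 data-frame MAC header."""
    n = 24
    if frame[1] & 0x03 == 0x03:       # ToDS+FromDS: Address 4 present
        n += 6
    if frame[0] & 0x80:               # QoS data subtype: QoS Control field
        n += 2
    return n

def filter_view(frame):
    """Return (protected, tcp_dst_port) as a filter reading raw bytes sees it."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:
        return (False, None)          # not a data frame
    protected = bool(frame[1] & PROTECTED)
    body = frame[header_len(frame):]
    if body[:8] != LLC_SNAP_IPV4:
        return (protected, None)      # no recognisable LLC/SNAP + IPv4 header
    ip = body[8:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        return (protected, None)      # not IPv4/TCP
    tcp = ip[(ip[0] & 0x0F) * 4:]
    if len(tcp) < 4:
        return (protected, None)
    return (protected, struct.unpack("!H", tcp[2:4])[0])

# --- constructed sample frames (not from a real capture) ---
ADDRS = bytes.fromhex("020000000001" "020000000002" "020000000003")
IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                 bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
TCP = struct.pack("!HHLLBBHHH", 49152, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
BODY = LLC_SNAP_IPV4 + IP + TCP

CLEAR = bytes([0x08, 0x01]) + b"\x00\x00" + ADDRS + b"\x00\x00" + BODY
# Stand-in for an encrypted body: 8 constructed header bytes plus opaque bytes.
# This is NOT real WEP/CCMP output, only something that no longer parses.
OPAQUE = bytes.fromhex("0100002000000000") + hashlib.sha256(BODY).digest() * 2
ENCRYPTED = bytes([0x08, 0x41]) + b"\x00\x00" + ADDRS + b"\x00\x00" + OPAQUE

if __name__ == "__main__":
    for name, f in (("cleartext", CLEAR), ("protected", ENCRYPTED)):
        print(name, filter_view(f))
```
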
The Wireless Settings Dialog
The Wireless Settings Dialog (Figure 7) can be used to set the advanced
parameters of an AirPcap adapter. The dialog can be accessed either from
the Wireless Toolbar (Wireless Settings) or from the main menu
(Capture→Options→Wireless Settings).