A "brief" 3-step process
Step 1. Capture

Make sure your client is not already on the list.

Capture an ‘Association Request’ frame, on a 5GHz WiFi network. For those not familiar with 802.11 frame capture, this is the most difficult step.

  1. Make sure the WiFi Network is running on the 5GHz band, and preferebly an 802.11ac Access Point.

    1. [Optional] If possible, also enable 802.11k, 802.11r & 802.11v

  2. Begin your capture.

  3. Associate the device to the network.


Examples of how to carry out Step 2, per operating system, are below.

Capturing on OSX


From the terminal

You can run the following 3 commands from a terminal to disconnect, set the channel, then begin the capture:


$ sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -z
$ sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=36
$ sudo tcpdump -s0 -I -i en0 -w capture.pcap


Replace “--channel=36” with --channel=<channel number of your AP>


From the GUI

  1. Alt-click the WiFi Icon and select ‘Open Wireless Diagnostics’ ...

  2. Select ‘Window-->Sniffer’ from the top menu-bar and ...

  3. Select channel of your AP & click ‘Start’. (Note, you’ll be prompted for your password).

1.Screen Shot 2016-03-30 at 8.10.40 PM.png2.Screen Shot 2016-03-30 at 8.17.33 PM.png3. Screen Shot 2016-03-30 at 8.19.59 PM.png


The file will be automatically saved to your desktop (ie “016.03.30_21-06-48-PDT.wcap”)

...or install Airtool, which makes this GUI method much faster.


Capturing on Windows

There is no ‘Native’ way to capture 802.11 frames on Windows. If you have a pro-tool, like OmniPeek or Metageek Eye P.A. with a supported capture card use one of those methods. More info on capturing 802.11 on windows (using Wireshark or other tool): here, here, here & here.

Capture on Linux (assuming monitor mode support)

ifdown wlan0

iw dev wlan0 set channel 6

iw dev wlan0 set type monitor

ifconfig wlan0 up

tcpdump -s0 -I -i wlan0 -w capture.pcap

Step 2. Randomize [Optional]

If you don’t want to randomize your capture, you can skip directly to the next step (Share). I will randomize any Association Request frame prior to sharing it on the list.

If you prefer to randomize the frame yourself, proceed to randomizer.mikealbano.com.

Follow the directions there. The most common gotcha is to ensure your capture file does not contain spaces.

Step 3. Share

If you randomized your capture file (Step 2), then just email me (mike@mikealbano.com) the following:

  • The filename you uploaded to randomizer.mikealbano.com

  • The type of device this is -- Please be specific, for example:

    • Motorola Moto X 3rd Gen EU

                Or
    • Huawei Nexus 6p APAC

Note the inclusion of regulatory-domain the device is in. Basically, this is to populate the first 3 columns of the list.

Be sure to include the type of device in your message. mike@mikealbano.com (@mike_albano on Twitter)


Wireshark display filter for Association Request frames: wlan.fc.type_subtype eq 0


Examples of useful info from Association Request frames here.

For more examples on packet capturing, see here.