Page 1 of 1

Filter Eapol??

Posted: Thu May 19, 2011 1:14 am
by tekio
I'm using a trial version of omnipeek, as well as testing other WiFi capture products out. So far, I really like Omnipeek the best.

There is one problem that bewilders me: how does it filter for specific authentication packets? I mean on all the other products, I just apply an eapol positive filter to get all the eapol auths, w/o needing to buffer a ton of superfluous data. On Wireshark, I just set a capture or display filter by typing "eapol".

I've done a little googling, and have not come across any specific instructions what-so-ever. I know I can set a capture filter for all 802.11 auth packets, but when capturing on a busy channel I just want specific eapol captured?


RE: Filter Eapol??

Posted: Thu May 19, 2011 11:37 am
You may want to try just setting up a filter for 802.1x authentication protocol, as EAPOL packets are a subset of these. Just add a filter, click Protocol, and 802.1x is one of the listed choices. That should do it.