I have always thought that capturing wireless frames on several channels must have been done with several NIC-adapters in monitor mode. I have seen several pictures and videos showing 4, or even 8, adapters in a usb-hub, each capturing on a single 20MHz-channel.
But last week I used my WLANPi and the script from Nigel Bowden to capture on a 80MHz-channel. And what do I see when capturing at UNII-1 with 4 APs, each at 20MHz and using channels 36, 40, 44 and 48
Beacon from all 4 APs
In Wireshark each beacons radiotapheader reports channel 36, so thats little misleading. This is the channel you use when starting the script. But the HT Information Element in the beacons carry primary channel information, so using that as a colum it’s easy to see that I am capturing at every 20MHz-channel in the 80MHz-space.
This figure shows those four beacon with the same SSID where the radiotap header report channel 36, while til primary channel in HT IE report its correct channel
To check if I could capture roaming between those four APs I did a simple test.
– 4 AP in my office, 20MHz, channel 36, 40, 44 and 48
– associate my test client to the SSID
– waited til the test client was associated. On Android, Network Analyzer from technet is very useful to see the association status and associated channel
– disabled the AP the test client was associated to
– waited til the client had roamed to another AP
– and so on
This figure shows the (re)association request and (re)association response. As we can see, the test client roamed between all four AP. The (re)association response also carry the HT Information Element and its primary channel
Remarks
This is a simple test in a very low congested environment and the likelihood for a simultaneously transmisson in each BSSID is low.
If the RF environment are higher congested the likelihood for collision at the capturing device is higher, even it’s not a collision inside the BSSID. So we must assume that the capture could miss some frames.
If you want to test this by yourself, here is the link from Nigel Bowden for the WLANPiShark
- Nigels blog article: WLANPiShark: Wireless Capture With a WLANPi on Windows
- Nigel at Github, script and user guide WLANPi upgrade: github
I hope this is useful
Update
After I published this article did Peter Mackenzie a lot of tests in his lab. He denied this feature at first, but after several days of testing, he admitted it was a nice feature. It has some flaws and he has documented the methods and the flaws in this article.
For CWAP-studies it is a simple and cheap method for testing a lot of 802.11 features
Gjermund Raaen 
[…] Nigel’s blog, Gjermund Raaen wrote a blog article (here) describing how he was able to capture four 20MHz channels by using the WLAN Pi and WLANPiShark […]
LikeLike
[…] Nigel’s blog, Gjermund Raaen wrote a blog article (here) describing how he was able to capture four 20MHz channels by using the WLAN Pi and WLANPiShark […]
LikeLike