DEV Community

Rijul Rajesh

Packet Sniffing 101: How to Focus on a Specific Wi-Fi Network

Packet sniffing isn’t always about listening to everything in the air. Sometimes, you want to focus on a specific Wi-Fi network — maybe for a security assessment, maybe for debugging. That’s where targeted sniffing comes into play.

Let’s walk through how to do this effectively using airodump-ng, and how to dig into the results using tools like Wireshark.

Why Target a Specific Network?

Imagine you’re in a location with dozens of Wi-Fi networks around. You're only interested in one — let’s call it MyTargetNetwork.

If you sniff everything, you'll end up with a lot of noise. Targeted sniffing lets you capture only the traffic that matters, making analysis easier and more insightful.

Step 1: Identify BSSID and Channel

Start by putting your wireless adapter into monitor mode and scanning the area:

airodump-ng mon0

You’ll see output like this:

 BSSID              PWR  Beacons    #Data, CH  MB   ENC  CIPHER AUTH ESSID
 AA:BB:CC:DD:EE:FF  -43       45      120   6  54e  WPA2 CCMP   PSK  MyTargetNetwork

From this, extract:

  • BSSID: AA:BB:CC:DD:EE:FF
  • Channel: 6

Step 2: Start Targeted Capture

Now focus only on the network you're interested in:

airodump-ng --bssid AA:BB:CC:DD:EE:FF --channel 6 --write test mon0

This locks in on one channel and one access point. Example output:

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe
 AA:BB:CC:DD:EE:FF  11:22:33:44:55:66  -61    54e     0       108     
 AA:BB:CC:DD:EE:FF  22:33:44:55:66:77  -72    36e     12      204

Field Descriptions:

  • STATION: MAC address of a device connected to the network
  • PWR: Signal strength
  • Rate: Communication speed (in Mbps)
  • Lost: Packets lost during transmission
  • Frames: Number of frames captured

Step 3: Output Files

When writing is enabled using --write, airodump-ng creates several files:

test.cap             ← Full packet capture
test.csv             ← Summary data (APs and clients)
test.kismet.csv      ← For use with Kismet tools
test.kismet.netxml   ← XML-formatted metadata

Of these, test.cap is the most useful for deep analysis — it contains the raw 802.11 packets.

Step 4: Analyzing in Wireshark

Open the .cap file in Wireshark:

wireshark test.cap

What you’ll see:

  • Beacon frames, probe requests/responses, authentication requests, and more
  • If any WPA/WPA2 handshakes were captured, they’ll appear as well
  • You can filter by MAC address (e.g., wlan.addr == 11:22:33:44:55:66)

Sample Wireshark output:

No.     Time           Source                Destination           Protocol Info
25      2.135660       11:22:33:44:55:66     AA:BB:CC:DD:EE:FF     802.11   QoS Data
26      2.138994       AA:BB:CC:DD:EE:FF     11:22:33:44:55:66     802.11   ACK
27      2.145321       11:22:33:44:55:66     Broadcast             ARP      Who has 192.168.1.1?

You can inspect each packet, view the raw bytes, protocol layers, and more.
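
The test.csv summary from Step 3 can also be checked with a script. As an added example (not from the original post), this Python parser reads its access-point and station tables and lists clients associated with the target BSSID that are missing from a device inventory. The CSV column layout is assumed from airodump-ng's usual output, and the sample data, the KNOWN set and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout airodump-ng normally writes to test.csv:
# an access-point table, a blank line, then a station (client) table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:DD:EE:FF, 2025-01-01 10:00:00, 2025-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -43,       45,      120,   0.  0.  0.  0,  15, MyTargetNetwork,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2025-01-01 10:00:05, 2025-01-01 10:04:59, -61,      108, AA:BB:CC:DD:EE:FF,
22:33:44:55:66:77, 2025-01-01 10:01:10, 2025-01-01 10:04:58, -72,      204, AA:BB:CC:DD:EE:FF,
33:44:55:66:77:88, 2025-01-01 10:02:00, 2025-01-01 10:02:30, -80,        3, (not associated) , CoffeeShop
"""

def parse_airodump_csv(text):
    """Split the two tables and return (access_points, stations) as dict lists."""
    tables = {"BSSID": [], "Station MAC": []}
    header = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue                      # blank separator line
        if cells[0] in tables:            # a header row starts a new table
            header = cells
            continue
        if header:
            tables[header[0]].append(dict(zip(header, cells)))
    return tables["BSSID"], tables["Station MAC"]

def unknown_clients(stations, bssid, known_macs):
    """Stations associated with `bssid` that are not on the allow-list."""
    known = {m.upper() for m in known_macs}
    return [s["Station MAC"] for s in stations
            if s["BSSID"].upper() == bssid.upper()
            and s["Station MAC"].upper() not in known]

if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    print(aps[0]["ESSID"], "on channel", aps[0]["channel"])
    # KNOWN is a hypothetical inventory of devices you expect on your network.
    KNOWN = {"11:22:33:44:55:66"}
    print("Not in inventory:", unknown_clients(stations, "AA:BB:CC:DD:EE:FF", KNOWN))
```

An ESSID that itself contains a comma will shift the columns in this simple parser, so check such rows by hand.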

Important Note on Encryption

If the network is open (no password), you’d be able to read DNS requests, websites visited, even plaintext data. However, most modern networks use WPA2 encryption, which means:

  • You can capture encrypted packets
  • But without the password (or a captured handshake plus cracking to recover it), you can’t decrypt the contents

This is why, even with the .cap file, the payload data appears as gibberish.

Wrapping Up

Targeted packet sniffing is a practical way to zero in on a single Wi-Fi network. Whether you're an ethical hacker, network engineer, or curious learner, this technique helps reduce clutter and gives you rich, focused insight.

Just remember: always have permission before sniffing a network. Unauthorized access is illegal and unethical.
