A Choice of Filters
People who do WLAN analysis agree that filtering is a part of sniffing WiFi frames/packets. More information can be extracted from captures when the focus is on one AP or station or protocol (or a combination of same). Where people disagree is on which type of filtering is best: capture filters or display filters? Yours truly is a capture filter man, and some iPhone analysis was a reminder why. Filtering 802.11 captures is covered pretty well in the CWAP Study Guide (of which I am a co-author). A capture filter extracts frames before they are captured. The only frames captured are the ones that match the filter. A display filter extracts frames after they are captured. Every frame is captured. Then the filter is applied so that only frames matching the filter are shown in the protocol analyzer. To use the example of a filter on my iPhone, if a capture filter were used then all of the frames from all of the other stations on my iPhone's channel would be lost. Usin