The company I work for makes a Wi-Fi scanner, and while I think that it does a really good job of interpreting 802.11 beacons and probe responses, every now and then a customer finds a little bug, or at least a weird beacon from an access point or SOHO wireless router.
For a long time, I wished that I had a way to replay those beacons to see how our Wi-Fi scanner would interpret them, firsthand. Today, I had an epiphany. I have an AirPcap Nx, which in addition to being a packet capture device is also a packet injection tool!
If you have a PCAP file containing beacons, you can easily replay them with the AirPcap Nx. Here's how to do it:
1. Open the PCAP file in Wireshark.
2. Select the beacon that you wish to replay by clicking on it.
3. Save the selected beacon off to a new file in File > Export Specified Packet with the Selected Packet option.
4. Open AirPcapReplay.
5. Set the Transmit Mode to User-defined Packet Period, check Respect Packet Channel, and check Respect Packet R…