802.11 Monitoring with PCAP2XML/SQLite

DEF CON 23

Presented by: Vivek Ramachandran
Date: Friday August 07, 2015
Time: 00:00 - 00:00
Location:

802.11 monitoring, attack detection and forensics have always been hard. It's almost impossible to draw any meaningful inference if one relies only on Wireshark filters. This is why we created Pcap2XML/SQLite, a tool to convert 802.11 trace files into equivalent XML and SQLite formats. Every single packet header field is mapped to a corresponding SQLite column. This allows us to create arbitrary queries on the packet trace file, and we will show how this can be used for attack detection and forensics with live examples.
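The idea of querying header fields as SQLite columns, shown as an added example that is not code from the talk or from Pcap2XML/SQLite. The `frames` table, its column names, the sample rows and the threshold are assumptions made for illustration, not the tool's actual schema.

```python
import sqlite3

# Hypothetical schema: one column per 802.11 header field (not Pcap2XML's real layout).
SCHEMA = """
CREATE TABLE frames (
    ts      REAL,     -- capture timestamp, seconds
    type    INTEGER,  -- 0 = management
    subtype INTEGER,  -- 8 = beacon, 12 = deauthentication
    addr1   TEXT,     -- receiver
    addr2   TEXT,     -- transmitter
    addr3   TEXT,     -- BSSID
    ssid    TEXT      -- from the SSID element, NULL if absent
)"""

# Constructed sample trace (locally administered MAC addresses).
AP, OTHER, STA = "02:00:00:00:00:01", "02:00:00:00:00:99", "02:00:00:00:00:10"
BCAST = "ff:ff:ff:ff:ff:ff"
ROWS = [(0.10, 0, 8, BCAST, AP, AP, "corp"),
        (0.20, 0, 8, BCAST, OTHER, OTHER, "corp"),
        (5.00, 0, 12, STA, AP, AP, None)]                 # one ordinary deauth
ROWS += [(10.0 + i * 0.05, 0, 12, STA, AP, AP, None) for i in range(12)]  # burst

def load(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO frames VALUES (?,?,?,?,?,?,?)", rows)
    return db

def deauth_bursts(db, threshold=10):
    """(BSSID, receiver, second, count) where deauths within one second reach threshold."""
    return db.execute("""
        SELECT addr3, addr1, CAST(ts AS INTEGER) AS sec, COUNT(*)
        FROM frames WHERE type = 0 AND subtype = 12
        GROUP BY addr3, addr1, sec HAVING COUNT(*) >= ?
        ORDER BY sec""", (threshold,)).fetchall()

def ssids_with_multiple_bssids(db):
    """SSIDs beaconed by more than one BSSID: a lead to review against the
    known AP inventory, since multi-AP networks legitimately look like this."""
    return db.execute("""
        SELECT ssid, COUNT(DISTINCT addr3)
        FROM frames WHERE type = 0 AND subtype = 8 AND ssid IS NOT NULL
        GROUP BY ssid HAVING COUNT(DISTINCT addr3) > 1""").fetchall()

if __name__ == "__main__":
    db = load()
    print(deauth_bursts(db))
    print(ssids_with_multiple_bssids(db))
```

Grouping and counting across frames like this is the kind of question a per-packet display filter cannot answer on its own.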

Vivek Ramachandran

Vivek Ramachandran (Twitter: @securitytube) discovered the Caffe Latte attack, broke WEP Cloaking and publicly demonstrated enterprise Wi-Fi backdoors. He is the author of two best-selling books on Wi-Fi Security and Pentesting, which have sold 13,000+ copies worldwide. He is the founder of SecurityTube.net and runs SecurityTube Training & Pentester Academy, which has trained professionals from 90 countries. He has spoken and trained at a number of conferences including DEF CON, Black Hat USA / Europe / Abu Dhabi, Brucon and Hacktivity.

