So, I have a concept, and this concept involves running a Tacsoft (with other comlinks slaved to mine, taking up subscription slots... how does that work?), capturing wireless communications (presumably from security forces)and Decrypting them. My character wont be a Hacker per ce but I was wondering what sort of programs/steps would I have to do to achieve this. Obviously I want to take a ‘step softly’ approach, and run my PAN in hidden mode as duking it out with a real Hacker would be all sorts of bad.

So far the program list for what I /think/ I need is.
Stealth (to make it harder for trace user/matrix perception attempts, not entirely sure I need this as I dont know if I need to go into other nodes)
Decrypt (obviously to decrypt the wireless communcations)
ECCM (to Resist jamming, either by me or someone else)
Encrypt (to keep the integrity of my Tactical AR network, having that compromised would be a bad thing)
Sniffer (capture wireless signal)
Scan (to find wireless networks, do I need this?)

So, I think that is it. But wouldnt mind some advice if I have got the steps wrong or what have you. So, hidden pan, firewall 6, and soft sim. Not sure if there is a different track I would need for radio signals or if it is all commlink/pan now. So what would be important (and helpful to me) is a step by step to capture wireless signals, (aka Step 1: use scan to find network, Step 2: use sniffer, Step 3: Decrypt) whilst avoiding having my commlink compromised in return.

Scan is used to find hidden nodes. The free action "Detect Active/Passive wireless nodes" automatically finds all nodes within signal range in either active or passive mode.

You would use the Initiate Cryptanalysis complex action to decrypt the signals that you get using the Intercept Traffic complex action (as you will most likely not have the encryption key they are using).

You will definitely need the scan program, the sniffer program, the decrypt program and the eccm program. You will also need the stealth program because you will need to have an icon in all nodes through which traffic is routed (see SR4a, pg 230 under Intercept Traffic). And encrypt will keep your tacnet secure.

You say that you will not be a hacker per se, but you will need the hacking skill and the electronic warfare skill.

As for a step by step:

1. Use the free action detect a/p wirelee nodes followed by the complex action detect hidden node for a specific node or the extended test for a general mutual signal range search {electronic warfare + scan (4) test for the specific, electronic warfare + scan (15+, 1 combat turn) for the general}

2. Once you find all the nodes you will need to decide if you want all the traffic (the intercept traffic complex action) or just the wireless traffic to and from one device (the capture wireless signal complex action).

a) If you want all the traffic, you will need to be in the "central" node where all the communications that you what to capture are routed through (much like yours will be doing with the tacnet). It will most likely be encrypted so you will need to break the encryption before you can intercept the traffic. {electronic warfare + decrypt (enemy encryption rating * 2, 1 combat turn) extended test to break}

b) If you just want the traffic from one device you need to decrypt as above (as necessary) then go 3b.

3. a) For all traffic, once the encryption is broken, you can start to intercept the traffic. Make a hacking + sniffer test. The hits become the threshold for other on that network to detect your sniffing with a matrix perception test. You must be within the central devices signal range, and you can copy, record and forward the traffic without any other tests. To block or alter some of the traffic before sending it along, you will need to use the edit action. To insert fake traffic you must succeed in an opposed test between your hacking + sniffer and the recipient's firewall + system.

b) For one device traffic you make an electronic warfare + sniffer (3) test to start the capture. There is no way for anyone to detect this type of operation unless they have access to your commlink. You must remain in the devices signal range, and you can copy, record and forward the traffic without any other tests. You cannot block, alter, or insert with this action.

To avoid having your commlink compromised, make sure that you have a good firewall and system score and you really should be a hacker or have the hacker do this job. You will need cybercombat and attack programs (the armor and medic programs are also highly recommended) because you may need to kick the intruder out (or you may need to fight to keep yourself in the central node in the intercept traffic option).