WiFi Sniffing

Hardware

this hard ware we recommend to be used for WiFi sniffing:

• CSL USB 2.0 WLAN Adapter 300Mbit (2,4/5GHz)

This HW based on a Chipsatz: Ralink RT5572 and is Dual Freq. 2.4 and 5 GHz as well as it has RP-SMA Antenna Connectors. The standard Linux Kernel Driver has built in and enabled Monitor Mode which is needed to fetch all WiFi Traffic. By use of another WiFi Stick/Module please need make sure you will have a Driver with enabled Monitor Mode available.

Software

• Linux OS - we recommend a Ubuntu 20.04 based Linux 64bit
• Wireshark 3.2.5 - you can test this wireshark - v
• you can use other tools as well but make sure the tool can generate *.pcapng or *.pcap logfiles so we can analyze them

To setup and configure the WiFi HW driver, Linux Network Subsystem as well as Wireshark with all needed parameter we provide [here]ltrx_wifi_sniffer.sh a Script to setup all automatic.

Notes

• please use the WiFi interface of the HW you want to use phy#*
• you can easy check this by type without new HW installed iwconfig
• connect the new HW to your Computer and run iwconfig again - there will be a new device show up wl*

wlxdc4ef4086948  IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Power Management:off
          
wlp3s0    IEEE 802.11  ESSID:"FALINT"  
          Mode:Managed  Frequency:2.422 GHz  Access Point: 18:A6:F7:F4:D2:48   
          Bit Rate=300 Mb/s   Tx-Power=22 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

• when start the [Script]ltrx_wifi_sniffer.sh choose the phy#* with the interface name wl*

phy#2
	Interface wlxdc4ef4086948
		ifindex 8
		wdev 0x200000001
		addr dc:4e:f4:08:69:48
		type managed
		txpower 20.00 dBm
phy#0
	Interface wlp3s0
		ifindex 3
		addr 7c:5c:f8:e4:5d:e6
		type P2P-device
		txpower 0.00 dBm