WiFi Sniffing
Hardware
We recommend this hardware for WiFi sniffing:
This hardware is based on the Ralink RT5572 chipset, is dual-band (2.4 and 5 GHz) and has RP-SMA antenna connectors. The standard Linux kernel driver has monitor mode built in and enabled, which is needed to capture all WiFi traffic. If you use another WiFi stick/module, make sure a driver with monitor mode enabled is available for it.
Software
- Linux OS - we recommend an Ubuntu 20.04 based 64-bit Linux
- Wireshark 3.2.5 - you can test this with wireshark -v
- you can use other tools as well, but make sure the tool can generate *.pcapng or *.pcap log files so we can analyze them
To set up and configure the WiFi hardware driver, the Linux network subsystem and Wireshark with all needed parameters, we provide the script ltrx_wifi_sniffer.sh, which sets everything up automatically.
Notes
- please use the WiFi interface (phy#*) of the hardware you want to use
- you can easily check this by typing iwconfig without the new hardware installed
- connect the new hardware to your computer and run iwconfig again - a new wl* device will show up:
wlxdc4ef4086948 IEEE 802.11 ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off
Power Management:off
wlp3s0 IEEE 802.11 ESSID:"FALINT"
Mode:Managed Frequency:2.422 GHz Access Point: 18:A6:F7:F4:D2:48
Bit Rate=300 Mb/s Tx-Power=22 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
- when starting the script ltrx_wifi_sniffer.sh, choose the phy#* that has the interface name wl*:
phy#2
Interface wlxdc4ef4086948
ifindex 8
wdev 0x200000001
addr dc:4e:f4:08:69:48
type managed
txpower 20.00 dBm
phy#0
Interface wlp3s0
ifindex 3
addr 7c:5c:f8:e4:5d:e6
type P2P-device
txpower 0.00 dBm
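
The interface-to-phy lookup from the notes above, together with a check that the chosen phy advertises monitor mode, as an added shell example (not part of ltrx_wifi_sniffer.sh or of this page's original text). The function names are hypothetical, the first sample is abridged from the listing above, and the second sample is constructed.

```shell
#!/bin/sh
# Added example (not from ltrx_wifi_sniffer.sh): find the phy behind an
# interface and check that the phy advertises monitor mode.

# `iw dev` output, abridged from the listing on this page.
SAMPLE_IW_DEV='phy#2
    Interface wlxdc4ef4086948
        ifindex 8
        type managed
phy#0
    Interface wlp3s0
        ifindex 3
        type P2P-device'

# Constructed sample of the mode list printed by `iw phy <name> info`.
SAMPLE_PHY_INFO='Wiphy phy2
    Supported interface modes:
         * managed
         * AP
         * monitor
    Band 1:'

# phy_for_iface IFACE: read `iw dev` output on stdin, print the owning phy#N.
# Exit status is non-zero when IFACE is not listed.
phy_for_iface() {
    awk -v want="$1" '
        $1 ~ /^phy#[0-9]+$/               { phy = $1 }
        $1 == "Interface" && $2 == want   { print phy; found = 1; exit }
        END                               { exit !found }'
}

# supports_monitor: read `iw phy <name> info` output on stdin; exit status 0
# only if "monitor" is listed under "Supported interface modes:".
supports_monitor() {
    awk '
        /Supported interface modes:/  { in_modes = 1; next }
        in_modes && $1 != "*"         { in_modes = 0 }
        in_modes && $2 == "monitor"   { ok = 1 }
        END                           { exit !ok }'
}

# Demo on the embedded samples; on a live system use instead:
#   phy=$(iw dev | phy_for_iface wlxdc4ef4086948)
#   iw phy "phy${phy#phy#}" info | supports_monitor    # phy#2 is named phy2 here
phy=$(printf '%s\n' "$SAMPLE_IW_DEV" | phy_for_iface wlxdc4ef4086948)
if printf '%s\n' "$SAMPLE_PHY_INFO" | supports_monitor; then
    echo "$phy: monitor mode supported"
else
    echo "$phy: no monitor mode, use another adapter or driver"
fi
```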