This is an old version of this page. You can view the most recent version or browse the history.

wiki_wifi_sniffing

WiFi Sniffing

Hardware

this hard ware we recommend to be used for WiFi sniffing:

CSL USB 2.0 WLAN Adapter 300Mbit (2,4/5GHz)

This HW based on a Chipsatz: Ralink RT5572 and is Dual Freq. 2.4 and 5 GHz as well as it has RP-SMA Antenna Connectors. The standard Linux Kernel Driver has built in and enabled Monitor Mode which is needed to fetch all WiFi Traffic. By use of another WiFi Stick/Module please need make sure you will have a Driver with enabled Monitor Mode available.

Software

Linux OS - we recommend a Ubuntu 20.04 based Linux 64bit
Wireshark 3.2.5 - you can test this wireshark - v
you can use other tools as well but make sure the tool can generate *.pcapng or *.pcap logfiles so we can analyze them

To setup and configure the WiFi HW driver, Linux Network Subsystem as well as Wireshark with all needed parameter we provide [here]ltrx_wifi_sniffer.sh a Script to setup all automatic.

Notes

please use the WiFi interface of the HW you want to use phy#*
you can easy check this by type without new HW installed iwconfig
connect the new HW to your Computer and run iwconfig again - there will be a new device show up wl*

wlxdc4ef4086948  IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Power Management:off
          
wlp3s0    IEEE 802.11  ESSID:"FALINT"  
          Mode:Managed  Frequency:2.422 GHz  Access Point: 18:A6:F7:F4:D2:48   
          Bit Rate=300 Mb/s   Tx-Power=22 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

when start the [Script]ltrx_wifi_sniffer.sh choose the phy#* with the interface name wl*

phy#2
	Interface wlxdc4ef4086948
		ifindex 8
		wdev 0x200000001
		addr dc:4e:f4:08:69:48
		type managed
		txpower 20.00 dBm
phy#0
	Interface wlp3s0
		ifindex 3
		addr 7c:5c:f8:e4:5d:e6
		type P2P-device
		txpower 0.00 dBm

You need to have root access on you Linux system to be able to configure the Network Layer!
After Wireshark start use the already marked interface - most probably it will be mon0 by click on the blue left top shark Icon.
we recommend to activate the Wireless Toolbar as well go to Wireshark Menu Bar: View -> Wireless Toolbarclick to activate
in the Wireless Toolbar mon0 should be shown as Interace and the channel you want to analyze should be shown.
by use the drop down box you should be able to select the needed channel
if you can NOT change the channel - you setup is not correct.
now you should be able to see WiFi packages in the View like shown in this Screenshot