Skip to content

GitLab

Last edited by Guido Voigt
Page history
This is an old version of this page. You can view the most recent version or browse the history.

wiki_wifi_sniffing

WiFi Analyzing/Sniffing

Hardware

this hard ware we recommend to be used for WiFi sniffing:

This HW based on a Chipsatz: Ralink RT5572 and is Dual Freq. 2.4 and 5 GHz as well as it has RP-SMA Antenna Connectors. The standard Linux Kernel Driver has built in and enabled Monitor Mode which is needed to fetch all WiFi Traffic. By use of another WiFi Stick/Module please need make sure you will have a Driver with enabled Monitor Mode available.

Software

  • Linux OS - we recommend a Ubuntu 20.04 based Linux 64bit
  • Wireshark 3.2.5 - you can test this wireshark - v
  • you can use other tools as well but make sure the tool can generate *.pcapng or *.pcap logfiles so we can analyze them

To setup and configure the WiFi HW driver, Linux Network Subsystem as well as Wireshark with all needed parameter we provide here a Script to setup all automatic.

Test Setup

Please try to setup like shown below:

  • setup AP's and DUT with WPA2-PSK CCMP/CCMP security with same key
  • Both AP's were configured with 50ms beacon intervals
  • Both AP's and the DUT are setup on same channel and same bandwidth (20MHz)
  • Try to isolate as much as possible from other WiFi networks of RF noise - best by located all inside a isolation chamber
  • Roaming settings were:
  • Scan Interval: 8 seconds
  • RSSI Delta (2.4 GHz): 9 dBm (may not applicable in this testing.)
  • RSSI Delta (5 GHz): 8 dBm
  • Roam Threshold (2.4 GHz): -50 dBm (may not applicable in this testing.)
  • Roam Threshold (5 GHz): -50 dBm
  • setup diagram TestSetup

generate data traffic

to generate traffic and test the performance use below commands or adapt them according to you needs:

  • Setup Receive System (Linux PC/Laptop/Server)

  • setup with iperf command : iperf -s -u -i1

  • example : iperf -s -u -i1

  • Setup Sender System (Linux PC/Laptop/Server)

  • setup with iperf command : iperf -c<IP of Receiver> -u -b<data rate in Mbit/s>M -i1 -t<how long in s>

  • example : iperf -c192.168.1.2 -u -b1M -i1 -t900

Notes

  • please use the WiFi interface of the HW you want to use phy#*
  • you can easy check this by type without new HW installed iwconfig
  • connect the new HW to your Computer and run iwconfig again - there will be a new device show up wl*
wlxdc4ef4086948  IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Power Management:off
          
wlp3s0    IEEE 802.11  ESSID:"FALINT"  
          Mode:Managed  Frequency:2.422 GHz  Access Point: 18:A6:F7:F4:D2:48   
          Bit Rate=300 Mb/s   Tx-Power=22 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
  • when start the Script choose the phy#* with the interface name wl* 
phy#2
	Interface wlxdc4ef4086948
		ifindex 8
		wdev 0x200000001
		addr dc:4e:f4:08:69:48
		type managed
		txpower 20.00 dBm
phy#0
	Interface wlp3s0
		ifindex 3
		addr 7c:5c:f8:e4:5d:e6
		type P2P-device
		txpower 0.00 dBm
  • You need to have root access on you Linux system to be able to configure the Network Layer!
  • After Wireshark start use the already marked interface - most probably it will be mon0 by click on the blue left top shark Icon.
  • we recommend to activate the Wireless Toolbar as well go to Wireshark Menu Bar: View -> Wireless Toolbarclick to activate
  • in the Wireless Toolbar mon0 should be shown as Interace and the channel you want to analyze should be shown.
  • by use the drop down box you should be able to select the needed channel
  • if you can NOT change the channel - you setup is not correct.
  • now you should be able to see WiFi packages in the View like shown in this Screenshot
  • generate PSK from SSIS+passphrase converter