# Raspberry Pi 5 WiFi Monitor Mode Guide

## Quick Setup

1. **Copy the setup script to your Raspberry Pi:**
   ```bash
   scp rpi_monitor_setup.sh pi@your-pi-ip:~/
   ```

2. **SSH into your Raspberry Pi and run:**
   ```bash
   sudo ./rpi_monitor_setup.sh [channel]
   ```

   Example for channel 11:
   ```bash
   sudo ./rpi_monitor_setup.sh 11
   ```

## Manual Setup (Alternative)

If you prefer to run commands manually:

```bash
# 1. Check available interfaces
iw dev

# 2. Bring down the interface
sudo ip link set wlan0 down

# 3. Set to monitor mode
sudo iw dev wlan0 set type monitor

# 4. Bring up the interface
sudo ip link set wlan0 up

# 5. Set channel (e.g., channel 11)
sudo iw dev wlan0 set channel 11

# 6. Verify monitor mode
iw dev wlan0 info
```

## Capturing Packets

Once monitor mode is active, you can capture packets:

### Using tcpdump (simple)

```bash
# View packets in real-time
sudo tcpdump -i wlan0 -n

# Save to file
sudo tcpdump -i wlan0 -w capture.pcap

# Filter by MAC address (e.g., your Pi's MAC)
sudo tcpdump -i wlan0 -n ether host 80:84:89:93:c4:b6

# Limit the capture to 100 packets (-c sets a packet count, not a channel)
sudo tcpdump -i wlan0 -n -c 100
```

### Using airodump-ng (advanced, requires aircrack-ng)

```bash
# Install aircrack-ng if needed
sudo apt-get update
sudo apt-get install aircrack-ng

# Capture on specific channel
sudo airodump-ng wlan0 -c 11

# Save to file
sudo airodump-ng wlan0 -c 11 -w capture
```

### Using Wireshark (GUI)

```bash
# Install wireshark if needed
sudo apt-get install wireshark

# Run wireshark (may need to add user to wireshark group)
sudo wireshark -i wlan0
```

## Capturing RA/TA Addresses

### Quick Capture Script (Recommended)

Use the provided Python script for best results:

```bash
# Install scapy if needed
sudo apt-get install python3-pip
sudo pip3 install scapy

# Capture on channel 11 (shows all frames with RA/TA)
sudo python3 rpi_capture_ra_ta_python.py 11

# Capture and filter by specific MAC address
sudo python3 rpi_capture_ra_ta_python.py 11 80:84:89:93:c4:b6
```

The script will:

- Automatically set monitor mode
- Parse 802.11 frames correctly
- Display RA (Receiver Address) and TA (Transmitter Address)
- Show frame type, RSSI, length, and QoS info
- Provide statistics when stopped (Ctrl+C)

### Alternative: Bash Script

For a simpler bash-based solution:

```bash
# Capture on channel 11
sudo ./rpi_capture_ra_ta.sh 11

# Capture and filter by MAC
sudo ./rpi_capture_ra_ta.sh 11 80:84:89:93:c4:b6
```

## Monitoring Specific Traffic

### Filter by MAC address (TA/RA)

```bash
# On 802.11 captures, `ether src`/`ether dst` match the source/destination
# address (SA/DA). Address 2 is the TA and Address 1 is the RA.

# Capture frames from specific transmitter (TA)
sudo tcpdump -i wlan0 -n wlan addr2 80:84:89:93:c4:b6

# Capture frames to specific receiver (RA)
sudo tcpdump -i wlan0 -n wlan addr1 e0:46:ee:07:df:e1

# Capture frames involving either address
sudo tcpdump -i wlan0 -n "ether host 80:84:89:93:c4:b6 or ether host e0:46:ee:07:df:e1"
```

### Filter by frame type

```bash
# Data frames only
sudo tcpdump -i wlan0 -n "type data"

# Management frames (beacons, probes, etc.)
sudo tcpdump -i wlan0 -n "type mgt"

# Control frames (RTS, CTS, ACK)
sudo tcpdump -i wlan0 -n "type ctl"
```

## Restoring Normal WiFi

To restore normal WiFi operation:

```bash
# Bring down interface
sudo ip link set wlan0 down

# Set back to managed mode
sudo iw dev wlan0 set type managed

# Bring up interface
sudo ip link set wlan0 up

# Reconnect to your network (use NetworkManager, wpa_supplicant, etc.)
sudo nmcli device wifi connect "YourSSID" password "YourPassword"
# OR
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf &
sudo dhclient wlan0
```

## Troubleshooting

### Interface not found

```bash
# List all network interfaces
ip link show

# Check WiFi interfaces specifically
iw dev
```

### Permission denied

- Make sure you're using `sudo` for all monitor mode commands
- Some distributions require adding your user to specific groups

### Can't set monitor mode

- Some WiFi adapters don't support monitor mode
- Check adapter capabilities: `iw phy | grep -A 10 "Supported interface modes"`
- Raspberry Pi 5 built-in WiFi should support monitor mode

### Channel not changing

- Make sure the interface is up: `sudo ip link set wlan0 up`
- Try bringing it down first, then setting channel, then bringing it up

## Useful Commands

```bash
# Check current interface status
iw dev wlan0 info

# Scan for networks (won't work in monitor mode, but useful before switching)
iw dev wlan0 scan

# Check signal strength and link info (before switching to monitor mode)
iw dev wlan0 link

# Monitor channel activity
watch -n 1 "iw dev wlan0 info | grep channel"
```

## Comparing with ESP32 Monitor

When comparing captures between your ESP32 and Raspberry Pi:

1. **Ensure same channel**: Both devices must monitor the same channel
2. **Time sync**: Consider using NTP for accurate timestamp comparison
3. **MAC filtering**: Use tcpdump filters to match your ESP32's filter settings
4. **Frame types**: Both should capture the same frame types (data, management, control)
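
To make the RA/TA extraction from "Capturing RA/TA Addresses" concrete, here is an added example (not the contents of `rpi_capture_ra_ta_python.py`, which this guide does not show) that pulls RA and TA out of a radiotap-prefixed frame with the standard library only. The sample frames are constructed for illustration, and `parse_ra_ta` and the other names are hypothetical.

```python
import struct

FRAME_TYPES = {0: "mgt", 1: "ctl", 2: "data", 3: "ext"}
# CTS (12) and ACK (13) control frames carry Address 1 (RA) only, no TA.
RA_ONLY_CTL_SUBTYPES = {12, 13}

# Constructed sample input: minimal 8-byte radiotap header (no optional fields).
RADIOTAP = bytes.fromhex("0000080000000000")
# Constructed QoS data frame (To DS), MACs taken from the filter examples above.
QOS_DATA = RADIOTAP + bytes.fromhex(
    "8801" "2c00"      # frame control (data/QoS data, To DS), duration
    "e046ee07dfe1"     # Address 1 = RA
    "80848993c4b6"     # Address 2 = TA
    "e046ee07dfe1"     # Address 3
    "1000" "0000"      # sequence control, QoS control
)
# Constructed ACK: frame control, duration, RA and nothing else.
ACK = RADIOTAP + bytes.fromhex("d400" "0000" "80848993c4b6")


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ra_ta(packet: bytes) -> dict:
    """Extract type, subtype, RA and TA from a radiotap-prefixed 802.11 frame."""
    if len(packet) < 4:
        raise ValueError("truncated radiotap header")
    # Radiotap starts with version (1 byte), pad (1), total length (2, LE).
    version, _pad, rt_len = struct.unpack_from("<BBH", packet, 0)
    if version != 0 or rt_len < 8 or rt_len > len(packet):
        raise ValueError("bad radiotap header")
    frame = packet[rt_len:]
    if len(frame) < 10:  # frame control + duration + Address 1
        raise ValueError("truncated 802.11 header")
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    ra_only = ftype == 1 and subtype in RA_ONLY_CTL_SUBTYPES
    ta = None
    if not ra_only and len(frame) >= 16:
        ta = fmt_mac(frame[10:16])
    return {"type": FRAME_TYPES[ftype], "subtype": subtype,
            "ra": fmt_mac(frame[4:10]), "ta": ta}


if __name__ == "__main__":
    for pkt in (QOS_DATA, ACK):
        print(parse_ra_ta(pkt))
```

An ACK or CTS addressed to a device reports `ta` as `None`, so a filter on the transmitter address alone will not show those frames on either the ESP32 or the Pi.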