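#!/bin/bash
# Raspberry Pi 5 WiFi Monitor Mode - Capture RA/TA Addresses
#
# Puts WIFI_INTERFACE into 802.11 monitor mode on the requested channel and
# streams tcpdump output, printing the transmitter (TA) and receiver (RA)
# address found in each frame line ahead of the unmodified line itself.
#
# Usage:  sudo <this script> [CHANNEL] [MAC]
#   CHANNEL  802.11 channel to listen on (default: 11)
#   MAC      optional address to restrict the capture to (e.g. 80:84:89:93:c4:b6)
#
# Requirements: root, and `ip`, `iw` and `tcpdump` on PATH.
# Side effect: the interface is switched to monitor mode and is left that way
#   when the script exits, so any managed-mode association it had is dropped;
#   switch it back by hand (`iw dev wlan0 set type managed`) when finished.
set -euo pipefail

WIFI_INTERFACE="wlan0"
CHANNEL="${1:-11}"      # Default to channel 11, or pass as argument
FILTER_MAC="${2:-}"     # Optional: filter by MAC address (e.g., 80:84:89:93:c4:b6)

# Six colon-separated hex octets, any case.
readonly MAC_RE='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: $* - message text
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print one tcpdump line, preceded by the TA/RA addresses it names.
# tcpdump's 802.11 printer labels addresses as "RA:" / "TA:" (and
# "BSSID:" / "DA:" / "SA:" on data and management frames, which are not
# annotated here); on an Ethernet link type it prints "ether src" /
# "ether dst" instead, which is matched as well so the old behaviour is kept.
# Matching uses bash regexes rather than gawk-only match() or per-line grep
# processes, so it is portable across awk variants and cheap per frame.
# Arguments: $1 - one line of tcpdump output
# Outputs:   zero to two annotation lines, then the input line, on stdout
#######################################
annotate_frame() {
  local line=$1
  local ta='' ra=''
  local ta_re='(^|[[:space:]])TA:([0-9A-Fa-f:]{17})'
  local ra_re='(^|[[:space:]])RA:([0-9A-Fa-f:]{17})'
  local eth_src_re='ether src ([0-9A-Fa-f:]{17})'
  local eth_dst_re='ether dst ([0-9A-Fa-f:]{17})'

  # Source / transmitter address (TA in 802.11)
  if [[ "$line" =~ $ta_re ]]; then
    ta=${BASH_REMATCH[2]}
  elif [[ "$line" =~ $eth_src_re ]]; then
    ta=${BASH_REMATCH[1]}
  fi
  # Destination / receiver address (RA in 802.11)
  if [[ "$line" =~ $ra_re ]]; then
    ra=${BASH_REMATCH[2]}
  elif [[ "$line" =~ $eth_dst_re ]]; then
    ra=${BASH_REMATCH[1]}
  fi

  if [[ -n "$ta" ]]; then
    printf 'TA (Transmitter): %s\n' "$ta"
  fi
  if [[ -n "$ra" ]]; then
    printf 'RA (Receiver): %s\n' "$ra"
  fi
  # Always show the full frame info
  printf '%s\n' "$line"
}

#######################################
# Put WIFI_INTERFACE into monitor mode (if it is not already) and tune it
# to CHANNEL.
# Globals:  WIFI_INTERFACE, CHANNEL (read)
# Outputs:  progress messages on stdout
#######################################
ensure_monitor_mode() {
  local current_mode
  # `iw ... info` prints a "type <mode>" line; any failure reads as "unknown".
  current_mode=$(iw dev "$WIFI_INTERFACE" info 2>/dev/null | awk '$1 == "type" {print $2}') \
    || current_mode=""
  current_mode=${current_mode:-unknown}

  if [[ "$current_mode" != "monitor" ]]; then
    printf 'Setting %s to monitor mode...\n' "$WIFI_INTERFACE"
    # The type can only be changed while the link is down.
    ip link set "$WIFI_INTERFACE" down
    iw dev "$WIFI_INTERFACE" set type monitor
    ip link set "$WIFI_INTERFACE" up
    iw dev "$WIFI_INTERFACE" set channel "$CHANNEL"
    printf 'Monitor mode activated on channel %s\n' "$CHANNEL"
  else
    printf 'Already in monitor mode, setting channel to %s...\n' "$CHANNEL"
    iw dev "$WIFI_INTERFACE" set channel "$CHANNEL"
  fi
}

#######################################
# Run tcpdump on WIFI_INTERFACE until interrupted, annotating every line.
# Globals:  WIFI_INTERFACE, FILTER_MAC (read)
# Outputs:  annotated capture on stdout (tcpdump's stderr is merged in)
# Returns:  tcpdump's exit status (pipefail), so a capture that fails to
#           start is not reported as success
#######################################
run_capture() {
  # -e shows link-level headers (includes MAC addresses)
  # -n prevents DNS resolution
  # -v increases verbosity
  # -l line-buffers stdout; without it nothing reaches the pipe until
  #    tcpdump's output buffer fills, which looks like a hung capture
  local -a tcpdump_args=(-i "$WIFI_INTERFACE" -e -n -v -l)
  if [[ -n "$FILTER_MAC" ]]; then
    # FILTER_MAC was validated against MAC_RE, so it is a bare address and
    # cannot alter the filter expression beyond the host it names.
    tcpdump_args+=("ether host $FILTER_MAC")
  fi

  tcpdump "${tcpdump_args[@]}" 2>&1 | while IFS= read -r line; do
    annotate_frame "$line"
  done
}

#######################################
# Entry point: validate inputs and environment, then capture.
# Globals:  WIFI_INTERFACE, CHANNEL, FILTER_MAC, MAC_RE (read)
#######################################
main() {
  local tool

  printf '=== Raspberry Pi 5 WiFi Monitor - RA/TA Capture ===\n'
  printf 'Interface: %s\n' "$WIFI_INTERFACE"
  printf 'Channel: %s\n' "$CHANNEL"
  if [[ -n "$FILTER_MAC" ]]; then
    printf 'Filter: %s\n' "$FILTER_MAC"
  fi
  printf '\n'

  # Check if running as root
  [[ "$EUID" -eq 0 ]] || die "Please run as root (use sudo)"

  # Reject malformed arguments up front instead of letting iw/tcpdump fail
  # mid-way with the interface already reconfigured.
  [[ "$CHANNEL" =~ ^[0-9]+$ ]] \
    || die "Error: channel must be a positive integer, got '$CHANNEL'"
  if [[ -n "$FILTER_MAC" && ! "$FILTER_MAC" =~ $MAC_RE ]]; then
    die "Error: MAC must look like aa:bb:cc:dd:ee:ff, got '$FILTER_MAC'"
  fi

  for tool in ip iw tcpdump; do
    command -v "$tool" >/dev/null || die "Error: required tool '$tool' not found"
  done

  # Check if interface exists
  ip link show "$WIFI_INTERFACE" &>/dev/null \
    || die "Error: Interface $WIFI_INTERFACE not found"

  ensure_monitor_mode

  printf '\n'
  printf '=== Starting Capture (showing RA/TA addresses) ===\n'
  printf 'Press Ctrl+C to stop\n'
  printf '\n'

  run_capture
}

main "$@"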