ESP32/RPI_MONITOR_GUIDE.md

# Raspberry Pi 5 WiFi Monitor Mode Guide

## Quick Setup

1. Copy the setup script to your Raspberry Pi:

   ```bash
   scp rpi_monitor_setup.sh pi@your-pi-ip:~/
   ```

2. SSH into your Raspberry Pi and run:

   ```bash
   sudo ./rpi_monitor_setup.sh [channel]
   ```

   Example for channel 11:

   ```bash
   sudo ./rpi_monitor_setup.sh 11
   ```

## Manual Setup (Alternative)

If you prefer to run the commands manually:

```bash
# 1. Check available interfaces
iw dev

# 2. Bring down the interface
sudo ip link set wlan0 down

# 3. Set to monitor mode
sudo iw dev wlan0 set type monitor

# 4. Bring up the interface
sudo ip link set wlan0 up

# 5. Set channel (e.g., channel 11)
sudo iw dev wlan0 set channel 11

# 6. Verify monitor mode (look for "type monitor" and the expected channel)
iw dev wlan0 info
```

## Capturing Packets

Once monitor mode is active, you can capture packets:

### Using tcpdump (simple)

```bash
# View packets in real-time
sudo tcpdump -i wlan0 -n

# Save to file
sudo tcpdump -i wlan0 -w capture.pcap

# Filter by MAC address (e.g., your Pi's MAC)
sudo tcpdump -i wlan0 -n ether host 80:84:89:93:c4:b6

# Stop after 100 packets (-c is a packet count; the channel is selected with iw, not tcpdump)
sudo tcpdump -i wlan0 -n -c 100
```

### Using airodump-ng (advanced, requires aircrack-ng)

```bash
# Install aircrack-ng if needed
sudo apt-get update
sudo apt-get install aircrack-ng

# Capture on specific channel
sudo airodump-ng wlan0 -c 11

# Save to file
sudo airodump-ng wlan0 -c 11 -w capture
```

### Using Wireshark (GUI)

```bash
# Install wireshark if needed
sudo apt-get install wireshark

# Run wireshark (may need to add user to wireshark group)
sudo wireshark -i wlan0
```

## Capturing RA/TA Addresses

Use the provided Python script for best results:

```bash
# Install scapy if needed (recent Raspberry Pi OS releases refuse system-wide pip installs;
# the packaged module is an alternative: sudo apt-get install python3-scapy)
sudo apt-get install python3-pip
sudo pip3 install scapy

# Capture on channel 11 (shows all frames with RA/TA)
sudo python3 rpi_capture_ra_ta_python.py 11

# Capture and filter by specific MAC address
sudo python3 rpi_capture_ra_ta_python.py 11 80:84:89:93:c4:b6
```

The script will:

- Automatically set monitor mode
- Parse 802.11 frames correctly
- Display RA (Receiver Address) and TA (Transmitter Address)
- Show frame type, RSSI, length, and QoS info
- Provide statistics when stopped (Ctrl+C)
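The list above describes what the project's script does; the block below is an added example of that parsing, not the guide's `rpi_capture_ra_ta_python.py`. It is plain Python using only `struct` (no scapy) so it runs offline: it walks the radiotap header for RSSI and channel frequency, then reads the 802.11 frame control, address and sequence fields to derive RA, TA, frame type and QoS TID. The rule it encodes is the one that matters for RA/TA work: Address 1 is the RA in every frame, Address 2 is the TA in every frame except CTS and ACK, which carry only an RA. The function names (`parse_capture`, `parse_80211`, `parse_radiotap`), the sample frames and the radiotap layout chosen for them are constructed for this example; the MAC addresses are the ones used in this guide.

```python
"""Added example: radiotap + 802.11 header parsing for monitor-mode frames.
Pure Python (struct only); the sample frames below are constructed, not captured."""
import struct
from dataclasses import dataclass
from typing import Optional

TYPE_NAMES = {0: "mgt", 1: "ctl", 2: "data", 3: "ext"}
# radiotap fields walked in bit order, bit -> (alignment, size), up to dBm antenna signal (bit 5)
_RT_FIELDS = {0: (8, 8), 1: (1, 1), 2: (1, 1), 3: (2, 4), 4: (2, 2), 5: (1, 1)}


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def channel_from_freq(freq_mhz: int) -> Optional[int]:
    """Map a 2.4 GHz / 5 GHz centre frequency to its channel number."""
    if freq_mhz == 2484:
        return 14
    if 2412 <= freq_mhz <= 2472:
        return (freq_mhz - 2407) // 5
    if 5000 < freq_mhz < 6000:
        return (freq_mhz - 5000) // 5
    return None


def parse_radiotap(buf: bytes):
    """Return (header_len, rssi_dbm, freq_mhz); rssi/freq are None when absent."""
    version, _pad, length = struct.unpack_from("<BBH", buf, 0)
    if version != 0 or length < 8 or length > len(buf):
        raise ValueError("bad radiotap header")
    off, present = 4, []
    while True:  # bit 31 set means another 'present' word follows
        (word,) = struct.unpack_from("<I", buf, off)
        present.append(word)
        off += 4
        if not word & (1 << 31):
            break
    rssi = freq = None
    for bit, (align, size) in _RT_FIELDS.items():
        if not present[0] & (1 << bit):
            continue
        off = (off + align - 1) // align * align  # every radiotap field is naturally aligned
        if bit == 3:
            freq = struct.unpack_from("<H", buf, off)[0]
        elif bit == 5:
            rssi = struct.unpack_from("<b", buf, off)[0]
        off += size
    return length, rssi, freq


@dataclass
class Frame:
    ftype: str
    subtype: int
    to_ds: bool
    from_ds: bool
    ra: str
    ta: Optional[str]
    seq: Optional[int]
    qos_tid: Optional[int]
    rssi: Optional[int]
    channel: Optional[int]
    length: int


def parse_80211(frame: bytes, rssi=None, channel=None) -> Frame:
    """Decode the 802.11 MAC header: Address 1 is always the RA, Address 2 the TA
    (absent only in CTS and ACK control frames)."""
    if len(frame) < 10:
        raise ValueError("too short for an 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    ra = mac_str(frame[4:10])
    ta = seq = tid = None
    if not (ftype == 1 and subtype in (12, 13)):  # CTS (12) and ACK (13) carry only RA
        if len(frame) < 16:
            raise ValueError("frame truncated before Address 2")
        ta = mac_str(frame[10:16])
    if ftype in (0, 2):  # management and data frames carry Address 3 + sequence control
        if len(frame) < 24:
            raise ValueError("frame truncated before sequence control")
        seq = struct.unpack_from("<H", frame, 22)[0] >> 4  # low 4 bits are the fragment number
        if ftype == 2 and subtype & 0x8:  # QoS data: TID is in the QoS control field
            qos_off = 30 if (to_ds and from_ds) else 24  # Address 4 is present only in WDS frames
            if len(frame) >= qos_off + 2:
                tid = struct.unpack_from("<H", frame, qos_off)[0] & 0xF
    return Frame(TYPE_NAMES[ftype], subtype, to_ds, from_ds, ra, ta, seq, tid, rssi, channel, len(frame))


def parse_capture(pkt: bytes) -> Frame:
    """Parse one packet as delivered by a radiotap monitor interface."""
    hdr_len, rssi, freq = parse_radiotap(pkt)
    return parse_80211(pkt[hdr_len:], rssi, channel_from_freq(freq) if freq else None)


PI_MAC, AP_MAC = "80:84:89:93:c4:b6", "e0:46:ee:07:df:e1"  # addresses used in this guide


def _radiotap(rssi: int, freq: int = 2462) -> bytes:
    # constructed 15-byte header: present = Flags | Rate | Channel | dBm antenna signal
    return (struct.pack("<BBHI", 0, 0, 15, 0x2E) + bytes([0x00, 0x0C])
            + struct.pack("<HH", freq, 0x0480) + struct.pack("<b", rssi))


SAMPLE_FRAMES = {  # constructed for this example, not captured traffic
    "qos_data": _radiotap(-42) + bytes([0x88, 0x01]) + b"\x2c\x00"  # QoS data, To-DS, Pi -> AP
    + mac_bytes(AP_MAC) + mac_bytes(PI_MAC) + mac_bytes("ff:ff:ff:ff:ff:ff")
    + struct.pack("<HH", 1234 << 4, 6) + b"\xaa\xaa\x03",
    "ack": _radiotap(-55) + bytes([0xD4, 0x00]) + b"\x00\x00" + mac_bytes(PI_MAC),  # ACK to Pi
    "beacon": _radiotap(-60) + bytes([0x80, 0x00]) + b"\x00\x00"  # beacon from AP
    + mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(AP_MAC) + mac_bytes(AP_MAC)
    + struct.pack("<H", 1 << 4) + b"\x00" * 12,
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_FRAMES.items():
        f = parse_capture(pkt)
        print(f"{name:8s} {f.ftype}/{f.subtype:<2} RA={f.ra} TA={f.ta} "
              f"seq={f.seq} tid={f.qos_tid} rssi={f.rssi} ch={f.channel} len={f.length}")
```

To run it against a real capture, read packets from a `.pcap` written with `tcpdump -w` (link type 127, radiotap) and pass each packet's bytes to `parse_capture`; frames that fail the length checks are truncated and should be counted rather than silently dropped.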

## Alternative: Bash Script

For a simpler bash-based solution:

```bash
# Capture on channel 11
sudo ./rpi_capture_ra_ta.sh 11

# Capture and filter by MAC
sudo ./rpi_capture_ra_ta.sh 11 80:84:89:93:c4:b6
```

## Monitoring Specific Traffic

### Filter by MAC address (TA/RA)

```bash
# Capture frames from a specific transmitter (TA = 802.11 Address 2)
sudo tcpdump -i wlan0 -n wlan ta 80:84:89:93:c4:b6

# Capture frames to a specific receiver (RA = 802.11 Address 1)
sudo tcpdump -i wlan0 -n wlan ra e0:46:ee:07:df:e1

# Capture frames involving either address in any address field
sudo tcpdump -i wlan0 -n "ether host 80:84:89:93:c4:b6 or ether host e0:46:ee:07:df:e1"
```

### Filter by frame type

```bash
# Data frames only
sudo tcpdump -i wlan0 -n "type data"

# Management frames (beacons, probes, etc.)
sudo tcpdump -i wlan0 -n "type mgt"

# Control frames (RTS, CTS, ACK)
sudo tcpdump -i wlan0 -n "type ctl"
```

## Restoring Normal WiFi

To restore normal WiFi operation:

```bash
# Bring down interface
sudo ip link set wlan0 down

# Set back to managed mode
sudo iw dev wlan0 set type managed

# Bring up interface
sudo ip link set wlan0 up

# Reconnect to your network (use NetworkManager, wpa_supplicant, etc.)
sudo nmcli device wifi connect "YourSSID" password "YourPassword"
# OR (-B runs wpa_supplicant as a daemon)
sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
sudo dhclient wlan0
```
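The manual setup steps and the restore steps above are the same down/set-type/up sequence in two directions, and the one thing both lack is a check that the switch actually happened. The block below is an added example (not the guide's `rpi_monitor_setup.sh`) that runs that sequence and verifies the result by parsing `iw dev <iface> info`, raising instead of leaving the interface silently in the wrong mode. Commands go through an injectable runner so the logic can be exercised without root or a wireless adapter; `fake_runner` and `SAMPLE_IW_INFO` are constructed for that offline demonstration, and the `iw` output format it parses is the one the guide shows.

```python
"""Added example (not the project's script): switch an interface to monitor
mode or back to managed and verify the result from `iw dev <iface> info`."""
import re
import subprocess
from typing import Callable, Dict, List, Optional

Runner = Callable[[List[str]], str]


def run_cmd(argv: List[str]) -> str:
    """Default runner: execute the command, raise on failure, return stdout."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


def parse_iw_info(text: str) -> Dict[str, Optional[str]]:
    """Extract type, channel and address from `iw dev <iface> info` output."""
    info: Dict[str, Optional[str]] = {"type": None, "channel": None, "addr": None}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("type "):
            info["type"] = line.split()[1]
        elif line.startswith("addr "):
            info["addr"] = line.split()[1]
        elif line.startswith("channel "):
            m = re.match(r"channel (\d+)", line)
            if m:
                info["channel"] = m.group(1)
    return info


def set_mode(iface: str, mode: str, channel: Optional[int] = None,
             run: Runner = run_cmd) -> Dict[str, Optional[str]]:
    """Down -> set type -> up -> (set channel) -> verify, the guide's manual sequence."""
    run(["ip", "link", "set", iface, "down"])
    run(["iw", "dev", iface, "set", "type", mode])
    run(["ip", "link", "set", iface, "up"])
    if channel is not None:
        run(["iw", "dev", iface, "set", "channel", str(channel)])
    info = parse_iw_info(run(["iw", "dev", iface, "info"]))
    if info["type"] != mode:
        raise RuntimeError(f"{iface} is type {info['type']!r}, expected {mode!r}")
    if channel is not None and info["channel"] != str(channel):
        raise RuntimeError(f"{iface} is on channel {info['channel']}, expected {channel}")
    return info


def enable_monitor(iface: str, channel: int, run: Runner = run_cmd):
    return set_mode(iface, "monitor", channel, run)


def restore_managed(iface: str, run: Runner = run_cmd):
    return set_mode(iface, "managed", None, run)


# Constructed `iw dev wlan0 info` output for the offline demonstration.
SAMPLE_IW_INFO = """Interface wlan0
\tifindex 3
\twdev 0x1
\taddr 80:84:89:93:c4:b6
\ttype monitor
\twiphy 0
\tchannel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
\ttxpower 31.00 dBm
"""


def fake_runner(log: List[List[str]]) -> Runner:
    """Runner that records every command and answers `iw ... info` with the sample."""
    def run(argv: List[str]) -> str:
        log.append(argv)
        return SAMPLE_IW_INFO if argv[-1] == "info" else ""
    return run


if __name__ == "__main__":
    import sys
    # Real use: needs root and a monitor-capable adapter, e.g. `sudo python3 this.py wlan0 11`
    iface = sys.argv[1] if len(sys.argv) > 1 else "wlan0"
    chan = int(sys.argv[2]) if len(sys.argv) > 2 else 11
    print(enable_monitor(iface, chan))
```

Because `restore_managed` checks `type managed` in the same way, an adapter whose driver ignores the type change is reported rather than left half-configured, which is the failure mode behind the "Can't set monitor mode" and "Channel not changing" items in the troubleshooting section.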

## Troubleshooting

### Interface not found

```bash
# List all network interfaces
ip link show

# Check WiFi interfaces specifically
iw dev
```

### Permission denied

- Make sure you're using sudo for all monitor mode commands
- Some distributions require adding your user to specific groups

### Can't set monitor mode

- Some WiFi adapters don't support monitor mode
- Check adapter capabilities: `iw phy | grep -A 10 "Supported interface modes"`
- Raspberry Pi 5 built-in WiFi should support monitor mode

### Channel not changing

- Make sure the interface is up: `sudo ip link set wlan0 up`
- Try bringing it down first, then setting the channel, then bringing it up

## Useful Commands

```bash
# Check current interface status
iw dev wlan0 info

# Scan for networks (won't work in monitor mode, but useful before switching)
iw dev wlan0 scan

# Check signal strength and link info (before switching to monitor mode)
iw dev wlan0 link

# Monitor channel activity
watch -n 1 "iw dev wlan0 info | grep channel"
```

## Comparing with ESP32 Monitor

When comparing captures between your ESP32 and Raspberry Pi:

1. Ensure same channel: both devices must monitor the same channel
2. Time sync: consider using NTP for accurate timestamp comparison
3. MAC filtering: use tcpdump filters to match your ESP32's filter settings
4. Frame types: both should capture the same frame types (data, management, control)
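Items 2 to 4 come together when you actually line the two captures up. The block below is an added example, not part of the guide or its scripts: it keys frames from both devices by (TA, RA, sequence number), reports which frames only one side saw, and takes the median timestamp difference over the shared frames as the clock offset between the ESP32 and the Pi. The record layout `(timestamp_seconds, ta, ra, seq)` is an assumption made for this example (the guide fixes no log format), and the two logs are constructed, with the Pi's clock deliberately about 0.31 s ahead.

```python
"""Added example: align an ESP32 capture log with a Raspberry Pi capture log.
Record format (timestamp_seconds, ta, ra, seq) is assumed; logs are constructed."""
from statistics import median
from typing import Dict, List, Optional, Tuple

Record = Tuple[float, str, str, int]          # (timestamp, TA, RA, sequence number)
Key = Tuple[str, str, int]                    # (TA, RA, seq) identifies one transmission


def index_frames(records: List[Record]) -> Dict[Key, float]:
    """Key each frame by (TA, RA, seq), keeping the first timestamp per key.
    802.11 sequence numbers wrap at 4096, so compare short windows only."""
    idx: Dict[Key, float] = {}
    for ts, ta, ra, seq in records:
        idx.setdefault((ta.lower(), ra.lower(), seq), ts)
    return idx


def compare_captures(esp32: List[Record], rpi: List[Record],
                     ta_filter: Optional[str] = None):
    """Return (shared_keys, esp32_only, rpi_only, clock_offset_seconds).
    ta_filter mirrors a `wlan ta` tcpdump filter so both sides see the same subset."""
    a, b = index_frames(esp32), index_frames(rpi)
    if ta_filter:
        f = ta_filter.lower()
        a = {k: v for k, v in a.items() if k[0] == f}
        b = {k: v for k, v in b.items() if k[0] == f}
    shared = sorted(set(a) & set(b))
    offsets = [b[k] - a[k] for k in shared]      # positive: Pi clock ahead of ESP32
    offset = median(offsets) if offsets else None
    return shared, sorted(set(a) - set(b)), sorted(set(b) - set(a)), offset


PI_MAC, AP_MAC = "80:84:89:93:c4:b6", "e0:46:ee:07:df:e1"  # addresses used in this guide
OTHER_MAC = "00:11:22:33:44:55"                              # constructed third station

# Constructed logs: the Pi missed seq 1235, the ESP32 missed the other station's frame.
ESP32_LOG: List[Record] = [
    (100.000, PI_MAC, AP_MAC, 1234),
    (100.020, AP_MAC, PI_MAC, 77),
    (100.050, PI_MAC, AP_MAC, 1235),
    (100.090, PI_MAC, AP_MAC, 1236),
]
RPI_LOG: List[Record] = [
    (100.312, PI_MAC, AP_MAC, 1234),
    (100.331, AP_MAC, PI_MAC, 77),
    (100.402, PI_MAC, AP_MAC, 1236),
    (100.450, OTHER_MAC, AP_MAC, 9),
]

if __name__ == "__main__":
    shared, esp_only, rpi_only, offset = compare_captures(ESP32_LOG, RPI_LOG)
    print(f"shared={len(shared)} esp32_only={esp_only} rpi_only={rpi_only}")
    print(f"Pi clock - ESP32 clock = {offset:.3f} s")
```

A large or drifting offset means the NTP step in item 2 was skipped on one device; frames that appear only on one side with the same TA filter on both usually point at a channel mismatch (item 1) or a frame-type filter that differs between the devices (item 4).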