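#!/bin/bash
# Raspberry Pi 5 WiFi Monitor Mode - Capture RA/TA Addresses
#
# Puts a wireless interface into 802.11 monitor mode on a chosen channel and
# runs tcpdump to print the transmitter (TA) / receiver (RA) addresses it sees.
#
# Usage:  sudo ./<script> [CHANNEL] [MAC]
#   CHANNEL  802.11 channel number to tune to (default 11)
#   MAC      optional colon-separated MAC; only frames to/from it are captured
# Env:    WIFI_INTERFACE  interface to use (default wlan0)
#
# Requires root and the ip, iw and tcpdump tools. The interface is left in
# monitor mode when the script exits; it is not switched back to managed mode.

set -euo pipefail

WIFI_INTERFACE="${WIFI_INTERFACE:-wlan0}"
CHANNEL="${1:-11}"   # Default to channel 11, or pass as argument
FILTER_MAC="${2:-}"  # Optional: filter by MAC address (e.g., 80:84:89:93:c4:b6)

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# CHANNEL is handed straight to `iw ... set channel`; accept only a plain integer.
[[ "$CHANNEL" =~ ^[0-9]+$ ]] \
  || die "Error: Invalid channel '$CHANNEL' (expected a number)"

# FILTER_MAC is spliced into a tcpdump filter expression; accept only a
# well-formed MAC so an arbitrary filter expression cannot be passed through.
if [[ -n "$FILTER_MAC" ]]; then
  [[ "$FILTER_MAC" =~ ^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$ ]] \
    || die "Error: Invalid MAC address '$FILTER_MAC' (expected aa:bb:cc:dd:ee:ff)"
fi

echo "=== Raspberry Pi 5 WiFi Monitor - RA/TA Capture ==="
echo "Interface: $WIFI_INTERFACE"
echo "Channel: $CHANNEL"
if [[ -n "$FILTER_MAC" ]]; then
  echo "Filter: $FILTER_MAC"
fi
echo ""

# Check if running as root (ip/iw/tcpdump need it)
if (( EUID != 0 )); then
  die "Please run as root (use sudo)"
fi

# Check the tools we depend on are installed before touching the interface
for tool in ip iw tcpdump; do
  command -v "$tool" >/dev/null 2>&1 \
    || die "Error: required tool '$tool' not found"
done

# Check if interface exists
if ! ip link show "$WIFI_INTERFACE" >/dev/null 2>&1; then
  die "Error: Interface $WIFI_INTERFACE not found"
fi

# Check current mode ("type <mode>" line of `iw dev ... info`); "unknown" if
# iw fails or prints no type line.
CURRENT_MODE=$(iw dev "$WIFI_INTERFACE" info 2>/dev/null | awk '$1 == "type" {print $2}' || true)
CURRENT_MODE="${CURRENT_MODE:-unknown}"

if [[ "$CURRENT_MODE" != "monitor" ]]; then
  echo "Setting $WIFI_INTERFACE to monitor mode..."
  # The type can only be changed while the link is down; set -e aborts on
  # any failed step so we never start tcpdump on a half-configured interface.
  ip link set "$WIFI_INTERFACE" down
  iw dev "$WIFI_INTERFACE" set type monitor
  ip link set "$WIFI_INTERFACE" up
  iw dev "$WIFI_INTERFACE" set channel "$CHANNEL"
  echo "Monitor mode activated on channel $CHANNEL"
else
  echo "Already in monitor mode, setting channel to $CHANNEL..."
  iw dev "$WIFI_INTERFACE" set channel "$CHANNEL"
fi

echo ""
echo "=== Starting Capture (showing RA/TA addresses) ==="
echo "Press Ctrl+C to stop"
echo ""

# Build the tcpdump command line as an array so no word-splitting is needed.
# -e shows link-level headers (includes MAC addresses)
# -n prevents DNS resolution
# -v increases verbosity
tcpdump_args=(-i "$WIFI_INTERFACE" -e -n -v)
if [[ -n "$FILTER_MAC" ]]; then
  # FILTER_MAC was validated above, so this is a fixed-shape filter expression.
  tcpdump_args+=("ether host $FILTER_MAC")
fi

# NOTE(review): the extraction patterns below look for "ether src/dst <mac>";
# with an 802.11 link type tcpdump -e typically labels addresses as
# RA:/TA:/SA:/DA:/BSSID: instead, in which case only the raw line is printed.
# Confirm the output format on the target and adjust the patterns if needed.
if [[ -n "$FILTER_MAC" ]]; then
  # Portable awk: the 3-argument match(..., arr) form is gawk-only and fails
  # on mawk (the default awk on Raspberry Pi OS), so use RSTART/RLENGTH.
  tcpdump "${tcpdump_args[@]}" 2>&1 \
    | grep -E "(ether|RA|TA|SA|DA|BSSID)" \
    | awk '
      {
        # Extract MAC addresses from tcpdump output
        # tcpdump shows: ether src/dst MAC
        if (match($0, /ether (src|dst) [0-9a-f:]+/)) {
          hit = substr($0, RSTART, RLENGTH)
          split(hit, parts, " ")
          # parts[2] is src|dst, parts[3] is the MAC
          print "[" parts[2] "] " parts[3]
        }
        # Also show full frame info
        print $0
      }'
else
  # Show all frames with MAC address extraction. Bash regex matching avoids
  # forking grep several times for every captured frame.
  tcpdump "${tcpdump_args[@]}" 2>&1 \
    | while IFS= read -r line; do
        # Extract source MAC (TA in 802.11)
        if [[ "$line" =~ ether\ src\ ([0-9a-f:]{17}) ]]; then
          echo "TA (Transmitter): ${BASH_REMATCH[1]}"
        fi
        # Extract destination MAC (RA in 802.11)
        if [[ "$line" =~ ether\ dst\ ([0-9a-f:]{17}) ]]; then
          echo "RA (Receiver): ${BASH_REMATCH[1]}"
        fi
        printf '%s\n' "$line"
      done
fi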