Improve test_monitor_tshark.sh: add duration option and better packet counting

- Add duration parameter (3rd argument, default 10 seconds, minimum 1 second)
- Change initial check to capture for 1 second instead of just 1 packet
- Count packets from actual capture output instead of running twice
- Fix field names (use wlan.fc.type/subtype instead of wlan.type)
- Show packet count summary at the end
- Display more packets (50 instead of 20)

Co-authored-by: Cursor <cursoragent@cursor.com>

test_monitor_tshark.sh

@@ -1,14 +1,22 @@
 #!/bin/bash
 # Test script to verify monitor mode works with tshark
+# Usage: ./test_monitor_tshark.sh [interface] [channel] [duration_seconds]
 
 set -e
 
 INTERFACE="${1:-wlan0}"
 CHANNEL="${2:-36}"
+DURATION="${3:-10}"  # Default 10 seconds, minimum 1 second
+
+# Ensure minimum 1 second
+if [ "$DURATION" -lt 1 ]; then
+    DURATION=1
+fi
 
 echo "=== Testing Monitor Mode with tshark ==="
 echo "Interface: $INTERFACE"
 echo "Channel: $CHANNEL"
+echo "Duration: $DURATION seconds"
 echo ""
 
 # Check if running as root
@@ -69,31 +77,46 @@ echo ""
 echo "Verifying monitor mode..."
 iw dev "$INTERFACE" info | grep -E "(type|channel)" || echo "Could not verify"
 
-# Check DLT with tshark
+# Check DLT with tshark (capture for 1 second)
 echo ""
-echo "Checking Data Link Type..."
-tshark -i "$INTERFACE" -T fields -e frame.number -c 1 2>&1 | head -5 || true
+echo "Checking Data Link Type (1 second test capture)..."
+TEST_OUTPUT=$(timeout 1 tshark -i "$INTERFACE" -T fields -e frame.number 2>&1)
+PACKET_COUNT=$(echo "$TEST_OUTPUT" | grep -E '^[0-9]+$' | wc -l || echo "0")
+echo "$TEST_OUTPUT" | tail -5 || true
+echo "Captured $PACKET_COUNT packet(s) in 1 second"
 
 echo ""
-echo "=== Starting tshark capture (10 seconds) ==="
+echo "=== Starting tshark capture ($DURATION seconds) ==="
 echo "Press Ctrl+C to stop early"
 echo ""
 
-# Capture for 10 seconds
-timeout 10 tshark -i "$INTERFACE" -n -T fields \
+# Capture for specified duration and count packets
+CAPTURE_OUTPUT=$(timeout "$DURATION" tshark -i "$INTERFACE" -n -T fields \
     -e frame.number \
     -e frame.time \
     -e wlan.sa \
     -e wlan.da \
-    -e wlan.type \
+    -e wlan.fc.type \
+    -e wlan.fc.subtype \
     -e wlan.fc.type_subtype \
-    2>&1 | head -20
+    2>&1)
+
+# Display first 50 lines of output
+echo "$CAPTURE_OUTPUT" | head -50
+
+# Count total packets captured
+FINAL_COUNT=$(echo "$CAPTURE_OUTPUT" | grep -E '^[0-9]+' | wc -l || echo "0")
 
 echo ""
 echo "=== Capture complete ==="
+echo "Total packets captured: $FINAL_COUNT"
 echo ""
-echo "If you saw packets above, monitor mode is working!"
-echo "If not, check:"
-echo "  1. Is there WiFi traffic on channel $CHANNEL?"
-echo "  2. Is the interface actually in monitor mode? (iw dev $INTERFACE info)"
-echo "  3. Try a different channel (e.g., 1, 6, 11 for 2.4GHz)"
+if [ "$FINAL_COUNT" -gt 0 ]; then
+    echo "✓ Monitor mode is working! Captured $FINAL_COUNT packet(s)"
+else
+    echo "✗ No packets captured. Check:"
+    echo "  1. Is there WiFi traffic on channel $CHANNEL?"
+    echo "  2. Is the interface actually in monitor mode? (iw dev $INTERFACE info)"
+    echo "  3. Try a different channel (e.g., 1, 6, 11 for 2.4GHz)"
+    echo "  4. Try a longer duration: sudo ./test_monitor_tshark.sh $INTERFACE $CHANNEL 30"
+fi