#!/bin/bash # Test script to verify monitor mode works with tshark # Usage: ./test_monitor_tshark.sh [interface] [channel] [duration_seconds] set -e INTERFACE="${1:-wlan0}" CHANNEL="${2:-36}" DURATION="${3:-10}" # Default 10 seconds, minimum 1 second # Ensure minimum 1 second if [ "$DURATION" -lt 1 ]; then DURATION=1 fi echo "=== Testing Monitor Mode with tshark ===" echo "Interface: $INTERFACE" echo "Channel: $CHANNEL" echo "Duration: $DURATION seconds" echo "" # Check if running as root if [ "$EUID" -ne 0 ]; then echo "Please run as root (use sudo)" exit 1 fi # Check if tshark is installed if ! command -v tshark &> /dev/null; then echo "tshark is not installed. Installing..." if command -v apt-get &> /dev/null; then sudo apt-get update sudo apt-get install -y tshark elif command -v dnf &> /dev/null; then sudo dnf install -y wireshark-cli else echo "Please install tshark manually" exit 1 fi fi # Unmanage from NetworkManager if command -v nmcli &> /dev/null; then echo "Unmanaging interface from NetworkManager..." nmcli device set "$INTERFACE" managed no 2>/dev/null || true fi # Unblock WiFi rfkill unblock wifi 2>/dev/null || true # Bring down interface echo "Bringing down interface..." ip link set "$INTERFACE" down 2>/dev/null || true sleep 0.5 # Set monitor mode echo "Setting monitor mode..." if ! iw dev "$INTERFACE" set type monitor; then echo "Error: Failed to set monitor mode" exit 1 fi sleep 0.5 # Bring up interface echo "Bringing up interface..." ip link set "$INTERFACE" up || echo "Warning: Failed to bring interface up" sleep 0.5 # Set channel echo "Setting channel to $CHANNEL..." iw dev "$INTERFACE" set channel "$CHANNEL" || echo "Warning: Failed to set channel" # Verify monitor mode echo "" echo "Verifying monitor mode..." iw dev "$INTERFACE" info | grep -E "(type|channel)" || echo "Could not verify" # Check DLT with tshark (capture for 1 second) echo "" echo "Checking Data Link Type (1 second test capture)..." TEST_OUTPUT=$(timeout 1 tshark -i "$INTERFACE" -T fields -e frame.number -e radiotap.present 2>&1) PACKET_COUNT=$(echo "$TEST_OUTPUT" | grep -E '^[0-9]+' | wc -l || echo "0") PLCP_COUNT=$(echo "$TEST_OUTPUT" | grep -E '^[0-9]+.*[0-9]' | wc -l || echo "0") echo "$TEST_OUTPUT" | tail -5 || true echo "Captured $PACKET_COUNT packet(s) in 1 second" if [ "$PLCP_COUNT" -gt 0 ]; then echo "PLCP headers: $PLCP_COUNT (radiotap present)" else echo "PLCP headers: 0 (no radiotap headers detected)" fi echo "" echo "=== Starting tshark capture ($DURATION seconds) ===" echo "Press Ctrl+C to stop early" echo "" # Capture for specified duration and count packets CAPTURE_OUTPUT=$(timeout "$DURATION" tshark -i "$INTERFACE" -n -T fields \ -e frame.number \ -e frame.time \ -e wlan.sa \ -e wlan.da \ -e wlan.fc.type \ -e wlan.fc.subtype \ -e wlan.fc.type_subtype \ -e radiotap.present \ 2>&1) # Display first 50 lines of output echo "$CAPTURE_OUTPUT" | head -50 # Count total packets captured FINAL_COUNT=$(echo "$CAPTURE_OUTPUT" | grep -E '^[0-9]+' | wc -l || echo "0") # Count packets with PLCP headers (radiotap present) # radiotap.present field is the 8th field (after frame.number, frame.time, wlan.sa, wlan.da, wlan.fc.type, wlan.fc.subtype, wlan.fc.type_subtype) PLCP_COUNT=$(echo "$CAPTURE_OUTPUT" | awk -F'\t' 'NF >= 8 && $8 != "" && $8 != "0" && $8 != "-" {count++} END {print count+0}' || echo "0") echo "" echo "=== Capture complete ===" echo "Total packets captured: $FINAL_COUNT" echo "PLCP headers: $PLCP_COUNT" echo "" if [ "$FINAL_COUNT" -gt 0 ]; then echo "✓ Monitor mode is working! Captured $FINAL_COUNT packet(s)" if [ "$PLCP_COUNT" -gt 0 ]; then echo "✓ PLCP headers detected: $PLCP_COUNT packet(s) with radiotap information" else echo "⚠ No PLCP headers detected (may be using DLT_IEEE802_11 instead of DLT_IEEE802_11_RADIO)" fi else echo "✗ No packets captured. Check:" echo " 1. Is there WiFi traffic on channel $CHANNEL?" echo " 2. Is the interface actually in monitor mode? (iw dev $INTERFACE info)" echo " 3. Try a different channel (e.g., 1, 6, 11 for 2.4GHz)" echo " 4. Try a longer duration: sudo ./test_monitor_tshark.sh $INTERFACE $CHANNEL 30" fi