# Wireless Monitor

A Linux C program for capturing and parsing 802.11 WiFi frame headers in monitor mode. This tool is designed to **verify and cross-check** the ESP32 monitor code by comparing what a Linux machine sees vs what the ESP32 sees when monitoring the same WiFi traffic.

## Purpose

This program captures 802.11 frames and displays:
- **RA (Receiver Address)** and **TA (Transmitter Address)** - same fields ESP32 extracts
- Frame type, size, duration (NAV)
- RSSI, MCS, spatial streams (when available from radiotap)
- Retry flag

This allows you to verify that the ESP32's frame parsing matches what Linux sees, helping debug issues like:
- Missing frames
- Incorrect MAC address extraction
- Duration/NAV mismatches
- Frame type classification

## Requirements

- Linux kernel with nl80211 support
- libpcap development files
- libnl3 development files
- GNU autotools (autoconf, automake, libtool)

### Install Dependencies

**Ubuntu/Debian:**
```bash
sudo apt-get install build-essential autoconf automake libtool \
    libpcap-dev libnl-genl-3-dev libnl-3-dev pkg-config
```

**Fedora/RHEL:**
```bash
sudo dnf install gcc autoconf automake libtool \
    libpcap-devel libnl3-devel pkgconfig
```

## Building

```bash
# Generate configure script
./autogen.sh

# Configure build
./configure

# Build
make

# Install (optional)
sudo make install
```

## Usage

```bash
# Run as root (required for monitor mode)
sudo ./src/wireless_monitor wlan0 11

# Or after installation
sudo wireless_monitor wlan1 36

# Example output (comparable to ESP32 debug logs):
# [1770775602.813] DATA: TA=80:84:89:93:c4:b6, RA=e0:46:ee:07:df:e1, Size=228 bytes, Dur=25038 us, RSSI=-94 dBm, Retry=YES
```

## Comparison with ESP32

The output format is designed to match ESP32's debug output format:
- **TA** = Transmitter Address (same as ESP32's `addr2`)
- **RA** = Receiver Address (same as ESP32's `addr1`)
- Frame type, size, duration, RSSI, retry flag

You can run both simultaneously on the same channel and compare:
1. Are the same frames seen?
2. Do RA/TA match?
3. Do durations match?
4. Are retry flags consistent?

## Project Structure

```
wireless-monitor/
├── configure.ac          # Autoconf configuration
├── Makefile.am            # Top-level automake file
├── autogen.sh             # Script to generate configure
├── README.md
└── src/
    ├── Makefile.am        # Source automake file
    ├── main.c             # Main program
    ├── monitor.c          # Monitor mode setup (libnl3)
    ├── monitor.h
    ├── capture.c          # Packet capture (libpcap)
    ├── capture.h
    ├── frame_parser.c     # 802.11 frame parsing
    └── frame_parser.h     # Frame structures (matches ESP32)
```