189444c88f
Use tshark display filter to only capture frames that have RA or TA fields. This prevents tshark from erroring when encountering management frames that don't have these fields, which was causing early termination of captures. Co-authored-by: Cursor <cursoragent@cursor.com> |
||
|---|---|---|
| src | ||
| .gitignore | ||
| BUILD_PI5.md | ||
| INSTALL.md | ||
| Makefile.am | ||
| PUSH_TO_UMBER.md | ||
| QUICK_START_PI5.md | ||
| README.md | ||
| SETUP_GIT.md | ||
| VERIFICATION_GUIDE.md | ||
| ar-lib | ||
| autogen.sh | ||
| build_pi5.sh | ||
| compile | ||
| configure.ac | ||
| depcomp | ||
| install-sh | ||
| missing | ||
| test_monitor_tshark.sh | ||
README.md
Wireless Monitor
A Linux C program for capturing and parsing 802.11 WiFi frame headers in monitor mode. This tool is designed to verify and cross-check the ESP32 monitor code by comparing what a Linux machine sees vs what the ESP32 sees when monitoring the same WiFi traffic.
Purpose
This program captures 802.11 frames and displays:
- RA (Receiver Address) and TA (Transmitter Address) - same fields ESP32 extracts
- Frame type, size, duration (NAV)
- RSSI, MCS, spatial streams (when available from radiotap)
- Retry flag
This allows you to verify that the ESP32's frame parsing matches what Linux sees, helping debug issues like:
- Missing frames
- Incorrect MAC address extraction
- Duration/NAV mismatches
- Frame type classification
Requirements
- Linux kernel with nl80211 support
- libpcap development files
- libnl3 development files
- GNU autotools (autoconf, automake, libtool)
Install Dependencies
Ubuntu/Debian:
sudo apt-get install build-essential autoconf automake libtool \
libpcap-dev libnl-genl-3-dev libnl-3-dev pkg-config
Fedora/RHEL:
sudo dnf install gcc autoconf automake libtool \
libpcap-devel libnl3-devel pkg-config
Building
# Generate configure script
./autogen.sh
# Configure build
./configure
# Build
make
# Install (optional)
sudo make install
Usage
# Run as root (required for monitor mode)
sudo ./src/wireless_monitor wlan0 11
# Or after installation
sudo wireless_monitor wlan1 36
# Example output (comparable to ESP32 debug logs):
# [1770775602.813] DATA: TA=80:84:89:93:c4:b6, RA=e0:46:ee:07:df:e1, Size=228 bytes, Dur=25038 us, RSSI=-94 dBm, Retry=YES
Comparison with ESP32
The output format is designed to match ESP32's debug output format:
- TA = Transmitter Address (same as ESP32's
addr2) - RA = Receiver Address (same as ESP32's
addr1) - Frame type, size, duration, RSSI, retry flag
You can run both simultaneously on the same channel and compare:
- Are the same frames seen?
- Do RA/TA match?
- Do durations match?
- Are retry flags consistent?
Project Structure
wireless-monitor/
├── configure.ac # Autoconf configuration
├── Makefile.am # Top-level automake file
├── autogen.sh # Script to generate configure
├── README.md
└── src/
├── Makefile.am # Source automake file
├── main.c # Main program
├── monitor.c # Monitor mode setup (libnl3)
├── monitor.h
├── capture.c # Packet capture (libpcap)
├── capture.h
├── frame_parser.c # 802.11 frame parsing
└── frame_parser.h # Frame structures (matches ESP32)