rjmcmahon
/
fiwi_monitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fiwi_monitor/VERIFICATION_GUIDE.md

3.0 KiB
Raw Blame History

ESP32 Monitor Verification Guide

This Linux C program captures 802.11 frames and displays them in a format that matches ESP32's debug output, allowing you to verify that the ESP32 monitor code is correctly parsing frames.

Quick Start

# Build
cd wireless-monitor-template
./autogen.sh
./configure
make

# Run (as root)
sudo ./src/wireless_monitor wlan0 11

# With MAC filter (to match ESP32 filter)
sudo ./src/wireless_monitor wlan0 11 80:84:89:93:c4:b6

Comparison Workflow

1. Setup ESP32 Monitor

# On ESP32 console
monitor start -c 11
monitor debug on
monitor filter 80:84:89:93:c4:b6

2. Setup Linux Monitor (Same Channel)

# On Linux machine (same channel!)
sudo ./src/wireless_monitor wlan0 11 80:84:89:93:c4:b6

3. Generate Test Traffic

# On another device (e.g., Raspberry Pi)
iperf -c <server_ip> -u -b 10M -t 60

4. Compare Outputs

ESP32 Output:

[1770775602.813] I MONITOR: DATA: DATA, TA=80:84:89:93:c4:b6, Size=228 bytes, Rate=54 Mbps, MCS=0, SS=1, BW=20 MHz, RSSI=-94 dBm, Retry:YES

Linux Output:

[1770775602.813] DATA: TA=80:84:89:93:c4:b6, RA=e0:46:ee:07:df:e1, Size=228 bytes, Dur=25038 us, RSSI=-94 dBm, Retry=YES

What to Verify

  1. Same Frames Seen: Do both see the same number of frames?
  2. TA Matches: Transmitter Address should be identical
  3. RA Present: Linux shows RA, ESP32 extracts it as addr1
  4. Duration/NAV: Duration field should match (for collapse detection)
  5. Retry Flag: Should be consistent
  6. Frame Types: Both should classify frames the same way

Troubleshooting

No Frames on Linux but ESP32 Sees Them

  • Channel Mismatch: Ensure both are on the same channel
  • Interface Issue: Check iw dev wlan0 info shows monitor mode
  • Permissions: Must run as root

Different TA/RA Values

  • Address Order: ESP32 uses addr2=TA, addr1=RA (correct)
  • To DS/From DS: Address meanings change based on these bits
  • Frame Direction: Client→AP vs AP→Client have different addressing

Duration Mismatches

  • NAV Field: Both should read the same Duration/ID field
  • Expected vs Actual: ESP32 calculates expected duration, Linux shows actual
  • Collapse Detection: Large mismatches indicate potential collisions

Example: Debugging Missing Frames

If ESP32 shows Filter: 80:84:89:93:c4:b6 (0 frames, 0.0 fps) but Linux sees frames:

  1. Check Channel: monitor status on ESP32 vs iw dev wlan0 info on Linux
  2. Check MAC: Verify the MAC address is correct
  3. Check Filter Logic: ESP32 checks both TA and RA, Linux does the same
  4. Check Frame Types: ESP32 might be filtering by frame type

Notes

  • Linux output format matches ESP32 debug logs for easy comparison
  • Both tools filter on TA and RA to maximize matches
  • Radiotap header parsing (RSSI, MCS) is simplified - full parsing would require radiotap library
  • For accurate PHY info, consider using tcpdump or wireshark with radiotap support