173 lines
5.4 KiB
Bash
Executable File
173 lines
5.4 KiB
Bash
Executable File
#!/bin/bash
|
|
# Test script to verify monitor mode works with tshark
|
|
# Usage: ./test_monitor_tshark.sh [interface] [channel] [duration_seconds]
|
|
|
|
set -e
|
|
|
|
INTERFACE="${1:-wlan0}"
|
|
CHANNEL="${2:-36}"
|
|
DURATION="${3:-10}" # Default 10 seconds, minimum 1 second
|
|
|
|
# Ensure minimum 1 second
|
|
if [ "$DURATION" -lt 1 ]; then
|
|
DURATION=1
|
|
fi
|
|
|
|
echo "=== Testing Monitor Mode with tshark ==="
|
|
echo "Interface: $INTERFACE"
|
|
echo "Channel: $CHANNEL"
|
|
echo "Duration: $DURATION seconds"
|
|
echo ""
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root (use sudo)"
|
|
exit 1
|
|
fi
|
|
|
|
# Check if tshark is installed
|
|
if ! command -v tshark &> /dev/null; then
|
|
echo "tshark is not installed. Installing..."
|
|
if command -v apt-get &> /dev/null; then
|
|
sudo apt-get update
|
|
sudo apt-get install -y tshark
|
|
elif command -v dnf &> /dev/null; then
|
|
sudo dnf install -y wireshark-cli
|
|
else
|
|
echo "Please install tshark manually"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Unmanage from NetworkManager
|
|
if command -v nmcli &> /dev/null; then
|
|
echo "Unmanaging interface from NetworkManager..."
|
|
nmcli device set "$INTERFACE" managed no 2>/dev/null || true
|
|
fi
|
|
|
|
# Unblock WiFi
|
|
rfkill unblock wifi 2>/dev/null || true
|
|
|
|
# Bring down interface
|
|
echo "Bringing down interface..."
|
|
ip link set "$INTERFACE" down 2>/dev/null || true
|
|
sleep 0.5
|
|
|
|
# Set monitor mode
|
|
echo "Setting monitor mode..."
|
|
if ! iw dev "$INTERFACE" set type monitor; then
|
|
echo "Error: Failed to set monitor mode"
|
|
exit 1
|
|
fi
|
|
|
|
sleep 0.5
|
|
|
|
# Bring up interface
|
|
echo "Bringing up interface..."
|
|
ip link set "$INTERFACE" up || echo "Warning: Failed to bring interface up"
|
|
|
|
sleep 0.5
|
|
|
|
# Set channel
|
|
echo "Setting channel to $CHANNEL..."
|
|
iw dev "$INTERFACE" set channel "$CHANNEL" || echo "Warning: Failed to set channel"
|
|
|
|
# Verify monitor mode
|
|
echo ""
|
|
echo "Verifying monitor mode..."
|
|
iw dev "$INTERFACE" info | grep -E "(type|channel)" || echo "Could not verify"
|
|
|
|
# Check DLT with tshark (capture for 1 second)
|
|
echo ""
|
|
echo "Checking Data Link Type (1 second test capture)..."
|
|
echo "(This may take up to 2 seconds if no packets are present)"
|
|
|
|
# Use timeout with -c to limit packets and avoid hanging
|
|
# Capture both stdout and stderr
|
|
TEST_OUTPUT=$(timeout 2 tshark -i "$INTERFACE" -c 100 -T fields -e frame.number -e radiotap.present 2>&1 || true)
|
|
TEST_EXIT_CODE=${PIPESTATUS[0]}
|
|
|
|
# Show any warnings/errors from tshark (but not packet data)
|
|
echo "$TEST_OUTPUT" | grep -E "(Running as|tshark:|Warning|Error|Capturing)" || true
|
|
|
|
# Count packets (lines starting with a number, excluding error messages)
|
|
PACKET_LINES=$(echo "$TEST_OUTPUT" | grep -E '^[0-9]+' || true)
|
|
PACKET_COUNT=$(echo "$PACKET_LINES" | wc -l || echo "0")
|
|
|
|
# Count lines with both frame.number and radiotap.present (non-empty second field)
|
|
PLCP_COUNT=$(echo "$PACKET_LINES" | awk -F'\t' 'NF >= 2 && $1 != "" && $2 != "" && $2 != "0" && $2 != "-" {count++} END {print count+0}' || echo "0")
|
|
|
|
# Show sample output
|
|
if [ "$PACKET_COUNT" -gt 0 ]; then
|
|
echo "Sample packets:"
|
|
echo "$PACKET_LINES" | head -3
|
|
fi
|
|
|
|
echo ""
|
|
echo "Test capture results:"
|
|
echo " Packets captured: $PACKET_COUNT"
|
|
echo " PLCP headers: $PLCP_COUNT"
|
|
if [ "$PLCP_COUNT" -eq 0 ] && [ "$PACKET_COUNT" -gt 0 ]; then
|
|
echo " Note: Packets captured but no radiotap headers (may be using DLT_IEEE802_11 instead of DLT_IEEE802_11_RADIO)"
|
|
fi
|
|
|
|
echo ""
|
|
echo "=== Starting tshark capture ($DURATION seconds) ==="
|
|
echo "Press Ctrl+C to stop early"
|
|
echo ""
|
|
|
|
# Capture for specified duration and count packets
|
|
echo "Capturing packets for $DURATION seconds..."
|
|
CAPTURE_OUTPUT=$(timeout "$DURATION" tshark -i "$INTERFACE" -n -T fields \
|
|
-e frame.number \
|
|
-e frame.time \
|
|
-e wlan.sa \
|
|
-e wlan.da \
|
|
-e wlan.fc.type \
|
|
-e wlan.fc.subtype \
|
|
-e wlan.fc.type_subtype \
|
|
-e radiotap.present \
|
|
2>&1)
|
|
CAPTURE_EXIT_CODE=$?
|
|
|
|
# Show any warnings/errors
|
|
echo "$CAPTURE_OUTPUT" | grep -E "(tshark:|Warning|Error)" | head -5 || true
|
|
|
|
# Display first 50 lines of packet output
|
|
PACKET_LINES=$(echo "$CAPTURE_OUTPUT" | grep -E '^[0-9]+' || true)
|
|
if [ -n "$PACKET_LINES" ]; then
|
|
echo ""
|
|
echo "Sample packets (first 20):"
|
|
echo "$PACKET_LINES" | head -20
|
|
else
|
|
echo ""
|
|
echo "(No packets captured)"
|
|
fi
|
|
|
|
# Count total packets captured (lines starting with a number)
|
|
FINAL_COUNT=$(echo "$CAPTURE_OUTPUT" | grep -E '^[0-9]+' | wc -l || echo "0")
|
|
|
|
# Count packets with PLCP headers (radiotap present)
|
|
# radiotap.present field is the 8th field (after frame.number, frame.time, wlan.sa, wlan.da, wlan.fc.type, wlan.fc.subtype, wlan.fc.type_subtype)
|
|
PLCP_COUNT=$(echo "$CAPTURE_OUTPUT" | awk -F'\t' 'NF >= 8 && $1 != "" && $8 != "" && $8 != "0" && $8 != "-" {count++} END {print count+0}' || echo "0")
|
|
|
|
echo ""
|
|
echo "=== Capture complete ==="
|
|
echo "Total packets captured: $FINAL_COUNT"
|
|
echo "PLCP headers: $PLCP_COUNT"
|
|
echo ""
|
|
if [ "$FINAL_COUNT" -gt 0 ]; then
|
|
echo "✓ Monitor mode is working! Captured $FINAL_COUNT packet(s)"
|
|
if [ "$PLCP_COUNT" -gt 0 ]; then
|
|
echo "✓ PLCP headers detected: $PLCP_COUNT packet(s) with radiotap information"
|
|
else
|
|
echo "⚠ No PLCP headers detected (may be using DLT_IEEE802_11 instead of DLT_IEEE802_11_RADIO)"
|
|
fi
|
|
else
|
|
echo "✗ No packets captured. Check:"
|
|
echo " 1. Is there WiFi traffic on channel $CHANNEL?"
|
|
echo " 2. Is the interface actually in monitor mode? (iw dev $INTERFACE info)"
|
|
echo " 3. Try a different channel (e.g., 1, 6, 11 for 2.4GHz)"
|
|
echo " 4. Try a longer duration: sudo ./test_monitor_tshark.sh $INTERFACE $CHANNEL 30"
|
|
fi
|