rjmcmahon
/
fiwi_monitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fiwi_monitor/README.md

2.7 KiB
Raw Blame History

Wireless Monitor

A Linux C program for capturing and parsing 802.11 WiFi frame headers in monitor mode. This tool is designed to verify and cross-check the ESP32 monitor code by comparing what a Linux machine sees vs what the ESP32 sees when monitoring the same WiFi traffic.

Purpose

This program captures 802.11 frames and displays:

  • RA (Receiver Address) and TA (Transmitter Address) - same fields ESP32 extracts
  • Frame type, size, duration (NAV)
  • RSSI, MCS, spatial streams (when available from radiotap)
  • Retry flag

This allows you to verify that the ESP32's frame parsing matches what Linux sees, helping debug issues like:

  • Missing frames
  • Incorrect MAC address extraction
  • Duration/NAV mismatches
  • Frame type classification

Requirements

  • Linux kernel with nl80211 support
  • libpcap development files
  • libnl3 development files
  • GNU autotools (autoconf, automake, libtool)

Install Dependencies

Ubuntu/Debian:

sudo apt-get install build-essential autoconf automake libtool \
    libpcap-dev libnl-genl-3-dev libnl-3-dev pkg-config

Fedora/RHEL:

sudo dnf install gcc autoconf automake libtool \
    libpcap-devel libnl3-devel pkgconfig

Building

# Generate configure script
./autogen.sh

# Configure build
./configure

# Build
make

# Install (optional)
sudo make install

Usage

# Run as root (required for monitor mode)
sudo ./src/wireless_monitor wlan0 11

# Or after installation
sudo wireless_monitor wlan1 36

# Example output (comparable to ESP32 debug logs):
# [1770775602.813] DATA: TA=80:84:89:93:c4:b6, RA=e0:46:ee:07:df:e1, Size=228 bytes, Dur=25038 us, RSSI=-94 dBm, Retry=YES

Comparison with ESP32

The output format is designed to match ESP32's debug output format:

  • TA = Transmitter Address (same as ESP32's addr2)
  • RA = Receiver Address (same as ESP32's addr1)
  • Frame type, size, duration, RSSI, retry flag

You can run both simultaneously on the same channel and compare:

  1. Are the same frames seen?
  2. Do RA/TA match?
  3. Do durations match?
  4. Are retry flags consistent?

Project Structure

wireless-monitor/
├── configure.ac          # Autoconf configuration
├── Makefile.am            # Top-level automake file
├── autogen.sh             # Script to generate configure
├── README.md
└── src/
    ├── Makefile.am        # Source automake file
    ├── main.c             # Main program
    ├── monitor.c          # Monitor mode setup (libnl3)
    ├── monitor.h
    ├── capture.c          # Packet capture (libpcap)
    ├── capture.h
    ├── frame_parser.c     # 802.11 frame parsing
    └── frame_parser.h     # Frame structures (matches ESP32)