100 lines
2.7 KiB
Markdown
100 lines
2.7 KiB
Markdown
# Wireless Monitor
|
|
|
|
A Linux C program for capturing and parsing 802.11 WiFi frame headers in monitor mode. This tool is designed to **verify and cross-check** the ESP32 monitor code by comparing what a Linux machine sees vs what the ESP32 sees when monitoring the same WiFi traffic.
|
|
|
|
## Purpose
|
|
|
|
This program captures 802.11 frames and displays:
|
|
- **RA (Receiver Address)** and **TA (Transmitter Address)** - same fields ESP32 extracts
|
|
- Frame type, size, duration (NAV)
|
|
- RSSI, MCS, spatial streams (when available from radiotap)
|
|
- Retry flag
|
|
|
|
This allows you to verify that the ESP32's frame parsing matches what Linux sees, helping debug issues like:
|
|
- Missing frames
|
|
- Incorrect MAC address extraction
|
|
- Duration/NAV mismatches
|
|
- Frame type classification
|
|
|
|
## Requirements
|
|
|
|
- Linux kernel with nl80211 support
|
|
- libpcap development files
|
|
- libnl3 development files
|
|
- GNU autotools (autoconf, automake, libtool)
|
|
|
|
### Install Dependencies
|
|
|
|
**Ubuntu/Debian:**
|
|
```bash
|
|
sudo apt-get install build-essential autoconf automake libtool \
|
|
libpcap-dev libnl-genl-3-dev libnl-3-dev pkg-config
|
|
```
|
|
|
|
**Fedora/RHEL:**
|
|
```bash
|
|
sudo dnf install gcc autoconf automake libtool \
|
|
libpcap-devel libnl3-devel pkgconfig
|
|
```
|
|
|
|
## Building
|
|
|
|
```bash
|
|
# Generate configure script
|
|
./autogen.sh
|
|
|
|
# Configure build
|
|
./configure
|
|
|
|
# Build
|
|
make
|
|
|
|
# Install (optional)
|
|
sudo make install
|
|
```
|
|
|
|
## Usage
|
|
|
|
```bash
|
|
# Run as root (required for monitor mode)
|
|
sudo ./src/wireless_monitor wlan0 11
|
|
|
|
# Or after installation
|
|
sudo wireless_monitor wlan1 36
|
|
|
|
# Example output (comparable to ESP32 debug logs):
|
|
# [1770775602.813] DATA: TA=80:84:89:93:c4:b6, RA=e0:46:ee:07:df:e1, Size=228 bytes, Dur=25038 us, RSSI=-94 dBm, Retry=YES
|
|
```
|
|
|
|
## Comparison with ESP32
|
|
|
|
The output format is designed to match ESP32's debug output format:
|
|
- **TA** = Transmitter Address (same as ESP32's `addr2`)
|
|
- **RA** = Receiver Address (same as ESP32's `addr1`)
|
|
- Frame type, size, duration, RSSI, retry flag
|
|
|
|
You can run both simultaneously on the same channel and compare:
|
|
1. Are the same frames seen?
|
|
2. Do RA/TA match?
|
|
3. Do durations match?
|
|
4. Are retry flags consistent?
|
|
|
|
## Project Structure
|
|
|
|
```
|
|
wireless-monitor/
|
|
├── configure.ac # Autoconf configuration
|
|
├── Makefile.am # Top-level automake file
|
|
├── autogen.sh # Script to generate configure
|
|
├── README.md
|
|
└── src/
|
|
├── Makefile.am # Source automake file
|
|
├── main.c # Main program
|
|
├── monitor.c # Monitor mode setup (libnl3)
|
|
├── monitor.h
|
|
├── capture.c # Packet capture (libpcap)
|
|
├── capture.h
|
|
├── frame_parser.c # 802.11 frame parsing
|
|
└── frame_parser.h # Frame structures (matches ESP32)
|
|
```
|