Tcpdump/Wireless/Linux: Difference between revisions

This page covers how to use the tcpdump utility for wireless packet capture on Linux machines, and how to deal with channels.

Up one level: Tcpdump/Wireless

Monitor Mode in Linux

Put your card into monitor mode with these steps:

iwconfig # list all devices
ifconfig wlan1 down # assuming wlan1 is wireless
iwconfig wlan1 mode monitor # put into monitor mode
ifconfig wlan1 up # bring wlan1 online

Channel-Hopping on Linux

Once you've put the card into monitor mode, you can run airodump-ng, which will automatically channel-hop unless you specify a specific channel. Once airodump is channel-hopping, you can run tcpdump.

Alternatively, you can set airodump to listen on a single channel.

Setting Channel from Shell Script

Another way to set the channel of the wireless card uses iwconfig, which means you can control the channel from a shell script:

iwconfig en1 channel 3

You can also use iwlist to view available channels and see the current channel of the wireless card:

root@kali:~# iwlist frequency
wlan0     14 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Channel 14 : 2.484 GHz
lo        no frequency information.

eth0      no frequency information.

tcpdump Utility for dumping network traffic Tcpdump  · Category:Tcpdump Tcpdump/Wireless  · Tcpdump/Wireless/Mac  · Tcpdump/Wireless/Linux Flags  · Template:TcpdumpFlag  · e