By default the awesome WLANPI allow us to capture 802.11 frames using one WiFi dongle working in monitor mode. Some great projects like wlanpishark allow us to execute remote packet capture which is great but again just using one WIFI dongle which means just one channel at a time.
Some times it is necessary to capture using at least 2 or 3 or even more channels simultaneously in order to have a complete picture of what is going on in our WIFI network, a good example of this is when you want to troubleshoot a Roaming issue, in this case you will need to capture simultaneously in at least 2 or 3 different channels, so the question is how can we do this using WLANPI or any other Linux distribution using up to 3 WIFI adapters working in MONITOR mode?
The answer I found was to create a basic script to put up to 3 WIFI dongles (wlan0, wlan1 and wlan2) connected to the WLANPI or any Linux device working in Monitor mode and then use tshark to capture simultaneously using the 3 interfaces in different channels and saving the capture in just one capture file.
The script will detect if you have 1, 2 or 3 wifi adapters connected, then will put each active adapter in monitor mode and set each adapter in a different channel and channel width according with your inputs.
Here the script code:
sudo airmon-ng check kill
if iwconfig wlan0;
sudo ifconfig wlan0 up
then
echo “Channel for wlan0?”
read channel0
sudo iwconfig wlan0 mode monitor
echo ‘Channel width for wlan0? (NOHT|HT20|HT40-|HT40+|80MHz)’
read width0
sudo iw wlan0 set channel $channel0 $width0
fi
if iwconfig wlan1;
sudo ifconfig wlan1 up
then
echo “Channel for wlan1?”
read channel1
echo ‘Channel width for wlan1? (NOHT|HT20|HT40-|HT40+|80MHz)’
read width1
sudo iwconfig wlan1 mode monitor
sudo iw wlan1 set channel $channel1 $width1
fi
if iwconfig wlan2;
sudo ifconfig wlan2 up
then
echo “Channel for wlan2”
read channel2
echo “Channel Width for wlan2? (NOHT|HT20|HT40-|HT40+|80MHz)”
read width2
sudo iwconfig wlan2 mode monitor
sudo iw wlan2 set channel $channel2 $width2
fi
if iwconfig wlan0;iwconfig wlan1;iwconfig wlan2;
then
tshark -i wlan0 -i wlan1 -i wlan2 -w wlan0-CH$channel0-$width0-wlan1-CH$channel1-$width1-wlan2-CH$channel2-$width2.pcap
echo capture file wlan0-CH$channel0-width0-wlan1-CH$channel1-width1-wlan2-CH$channel2-width2.pcap was created
exit 0
fi
if iwconfig wlan0;iwconfig wlan1;
then
tshark -i wlan0 -i wlan1 -w wlan0-CH$channel0-$width0-wlan1-CH$channel1-$width1.pcap
echo capture file wlan0-CH$channel0-$width0-wlan1-CH$channel1-$width1.pcap was created
exit 0
fi
if iwconfig wlan0;
then
tshark -i wlan0 -w wlan0-CH$channel0-$width0.pcap
echo capture file wlan0-CH$channel0-$width0.pcap was created
exit 0
fi
if iwconfig wlan1;
then
tshark -i wlan1 -w wlan1-CH$channel1-$width1.pcap
echo capture file wlan1-CH$channel1-$width1.pcap was created
exit 0
fi
just copy and paste the code above in a file within your home folder and then allow the execution of this file with the command:
$ sudo chmod a+x file-name
Then you can execute the script with the command:
$./file-name
More info about the 802.11 Protocol Analysis here
More info about the 802.11 standard here
More info about the God of the Bible here
No responses yet