It’s been a long time since I last enjoyed sniffing WiFi packets… the kernel version was 2.4.x to 2.6.x, the first Centrinos made their appearance, OpenWrt was the next big thing, and we all tried to get our hands on Prism II PCMCIA PC Cards. WEP was around, along with the first tools to crack it. It was good fun.
Now, fast forward quite a few years, I can’t believe I still have to debug my own local network by means of dumpcap to monitor AP associations, etc.
So that next time I don’t have to sift through the official Wireshark help page (which, by the way, is actually very thorough), here are some quick instructions to sniff packets on a WLAN.
- Leave your WiFi device on and connected to the access point (no need to do the ifconfig up/down and iwconfig dance anymore!)
- If you don’t have it already, install aircrack-ng
- Run airmon-ng:
airmon-ng start wlan1
- If it says monitor mode is enabled on some device (might be a brand new one, such as mon0), you’re good to go. Sniff some packets from Wireshark (tick the “monitor mode” preference) or using dumpcap:
dumpcap -i mon0 -I
Better yet, you can fake an AP and have the device you’re debugging connect to it.
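An added example, not part of the original post: this Python code lists the frames that show a client joining or leaving an AP (association, reassociation, authentication, disassociation, deauthentication) in a capture from the dumpcap step above. It assumes the capture was saved in classic pcap format (dumpcap's `-P` option; the default is pcapng) with radiotap link-layer headers; the function names, sample frames and MAC addresses are constructed for illustration.

```python
import struct

# 802.11 management subtypes that show a client joining or leaving an AP.
EVENTS = {0: "assoc-req", 1: "assoc-resp", 2: "reassoc-req", 3: "reassoc-resp",
          10: "disassoc", 11: "auth", 12: "deauth"}
LINKTYPE_RADIOTAP = 127  # link type of monitor-mode captures with radiotap headers

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(pkt):
    """Return (event, dst, src, bssid) for an association-related frame, else None."""
    # Radiotap length sits at offset 2 and is always little-endian.
    rt_len = struct.unpack_from("<H", pkt, 2)[0] if len(pkt) >= 4 else 0
    dot11 = pkt[rt_len:]
    if len(dot11) < 24:  # shorter than a management header (truncated or control frame)
        return None
    version, ftype, subtype = dot11[0] & 3, (dot11[0] >> 2) & 3, dot11[0] >> 4
    if version != 0 or ftype != 0 or subtype not in EVENTS:
        return None
    return EVENTS[subtype], mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22])

def association_events(pcap):
    """Walk a classic pcap buffer; return [(ts_sec, event, dst, src, bssid), ...]."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not classic pcap (dumpcap writes pcapng unless given -P)")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != LINKTYPE_RADIOTAP:
        raise ValueError("capture does not use radiotap link-layer headers")
    events, off = [], 24
    while off + 16 <= len(pcap):
        ts_sec, _, caplen, _ = struct.unpack_from(endian + "4I", pcap, off)
        event = parse_frame(pcap[off + 16:off + 16 + caplen])
        if event:
            events.append((ts_sec, *event))
        off += 16 + caplen
    return events

def sample_pcap():
    """Constructed capture: assoc-req from a station, a beacon, then a deauth from the AP."""
    sta, ap = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
    radiotap = bytes.fromhex("0000080000000000")  # minimal 8-byte radiotap header
    def frame(fc, dst, src):
        return radiotap + bytes([fc, 0, 0, 0]) + dst + src + ap + b"\x00\x00"
    frames = [frame(0x00, ap, sta), frame(0x80, b"\xff" * 6, ap), frame(0xC0, sta, ap)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    for i, f in enumerate(frames):
        out += struct.pack("<4I", 100 + i, 0, len(f), len(f)) + f
    return out
```

To use it on a real capture, pass the file's bytes to `association_events()`; on the constructed sample it reports the association request and the deauthentication and skips the beacon.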