Last update: 2018-05-01

Scanning Wi-Fi with Linux


Introduction

This shows a number of things that can be done with the right wireless card on a Linux command line. Note that some of these commands require 'monitor' mode, which most wireless adapters cannot do. So you will typically need to get a USB Wi-Fi dongle to be able to put them in this mode.

Note that these commands are provided as reference and for education purposes only. Some of them may be illegal to use against networks you do not own.

Listing nearby access points

You can view the SSID, frequency, channel information and more around your location with the following command:

<bash>
iwlist scan

Changing adapter to monitor mode

First, find out which adapters are available on your system:

<bash>
iwconfig

Then you can see what your adapter supports with the following command:

<bash>
iw list

If the word monitor is not in the available interface modes, then your adapter doesn't support it. If it does, you can enable it the following way:

<bash>
iwconfig wlan0 mode monitor

If you get a operation not supported error, that means your adapter doesn't support monitor mode. If it says invalid parameter then it's a driver problem. You may have to compile a custom kernel module: https://github.com/mfruba/kernel or manually enable monitor mode: https://raspberrypi.stackexchange.com/questions/36747/enable-monitoring-mode-for-rtl8188cus-via-usb-on-raspbian

Changing MAC address

To change your MAC address, you need the macchanger package:

<bash>
apt-get install macchanger

Simply make sure to bring your wireless interface down, then use the macchanger command:

<bash>
ifconfig wlan0 down
macchanger -m 00:11:22:33:44:55:66 wlan0
ifconfig wlan0 up

You can specify -r to get a random number:

<bash>
macchanger -r wlan0

Scanning nearby connections

To scan nearby airwaves, you will need to install the 'airmon-ng' package:

<bash>
apt-get install airmon-ng

Make sure you set monitor mode. Then, use the following command to start scanning:

<bash>
airodump-ng wlan0mon

This will display all traffic going on nearby airwaves from all networks.

You can restrict the command to only listen to clients on a specific channel. For example, this will only show traffic on channel 3:

<bash>
airodump-ng wlan0mon -c 3

To only view open networks, such as free hotel Wi-Fi, you can add the following option:

<bash>
airodump-ng wlan0mon -c 3 --encrypt OPN

Capturing packets

You can see what's going on between your host and the network using the tshark package. First, install it, and then run it by specifying the interface:

<bash>
apt-get install tshark
tshark -i wlan0

By default you only see traffic to and from your own host, but in monitor mode you see all wireless traffic on the network.

You can also restrict what kind of traffic you want to see. For example, you can filter the HTTP protocol:

<bash>
tshark -i wlan0mon -Y http


© 2007-2018 Patrick Lambert - All resources on this site are provided under the MIT License - You can contact me at: contact@dendory.net