This page shows a number of things that can be done with the right wireless card from a Linux command line. Note that several of these commands require 'monitor' mode, which many built-in wireless adapters (or their drivers) do not support. So you will typically need a USB Wi-Fi dongle with a chipset that can be put into this mode.
Note that these commands are provided as reference and for education purposes only. Some of them may be illegal to use against networks you do not own or do not have permission to test.
You can view the SSID, frequency, channel and other information about the networks around your location with the following command (run it as root to get a fresh scan rather than cached results):
<bash> iwlist scan
Monitor mode support depends on the chipset and its driver. First, find out which adapters are available on your system, then check what your adapter supports with the following command:
<bash> iw list
If the word 'monitor' is not listed under 'Supported interface modes', then your adapter doesn't support it. If it is, bring the interface down first (the mode cannot be changed while it is up) and enable monitor mode the following way:
<bash> iwconfig wlan0 mode monitor
If you get an 'Operation not supported' error, that means your adapter (or its driver) doesn't support monitor mode. If it says 'Device or resource busy', the interface is still up. If it says invalid parameter then it's a driver problem. You may have to compile a custom kernel module: https://github.com/mfruba/kernel or manually enable monitor mode: https://raspberrypi.stackexchange.com/questions/36747/enable-monitoring-mode-for-rtl8188cus-via-usb-on-raspbian
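The check-then-switch procedure above, as an added shell example that is not part of the original page: it parses the 'Supported interface modes' section of `iw list` for 'monitor', and then changes the mode with the iw and ip tools (the modern replacements for iwconfig and ifconfig) instead of iwconfig. The interface name wlan0 and the abridged `iw list` sample text are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: detect monitor-mode support by
# parsing the "Supported interface modes" section of `iw list`, then switch
# the adapter with iw/ip. The interface name wlan0 is an assumption.

# supports_monitor TEXT: returns 0 if TEXT (the output of `iw list`) lists
# "* monitor" under "Supported interface modes". `iw list` prints every phy
# on the system, so with several adapters this check is per-system.
supports_monitor() {
    printf '%s\n' "$1" | awk '
        /Supported interface modes:/ { insec = 1; next }
        insec && $1 == "*"          { if ($2 == "monitor") found = 1; next }
        insec                       { insec = 0 }
        END                         { exit (found ? 0 : 1) }'
}

# Constructed samples of `iw list` output (abridged), used for offline testing.
SAMPLE_WITH_MONITOR='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
         * mesh point
    Band 1:
        Capabilities: 0x1062'
SAMPLE_WITHOUT_MONITOR='Wiphy phy0
    Supported interface modes:
         * managed
         * AP
    Band 1:
        Capabilities: 0x1062'

# enable_monitor IFACE: abort if monitor mode is not advertised; otherwise
# take the interface down (the mode cannot be changed while it is up),
# switch its type and bring it back up. Returns 0 only if the kernel then
# reports the interface as "type monitor". Requires root.
enable_monitor() {
    iface=$1
    supports_monitor "$(iw list 2>/dev/null)" || {
        echo "$iface: driver does not advertise monitor mode" >&2
        return 1
    }
    ip link set dev "$iface" down &&
    iw dev "$iface" set type monitor &&
    ip link set dev "$iface" up &&
    iw dev "$iface" info | grep -q 'type monitor'
}

# Stand-alone run: exercise the parser on the constructed samples.
# On a real system, call:  enable_monitor wlan0
supports_monitor "$SAMPLE_WITH_MONITOR" && echo "sample 1: monitor supported"
supports_monitor "$SAMPLE_WITHOUT_MONITOR" || echo "sample 2: monitor not supported"
```

The parser only looks at the hardware 'Supported interface modes' list, which is what the text above refers to; it ignores the separate 'software interface modes' section that `iw list` also prints.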
To change your MAC address, you need the macchanger package:
<bash> apt-get install macchanger
Simply make sure to bring your wireless interface down first (the change is rejected on an interface that is up), then use the macchanger command with a six-octet address, and bring the interface back up:
<bash> ifconfig wlan0 down
<bash> macchanger -m 00:11:22:33:44:55 wlan0
<bash> ifconfig wlan0 up
You can specify -r to get a fully random MAC address instead:
<bash> macchanger -r wlan0
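As an added example that is not part of the original page, the following shell script does what the macchanger commands above do with iproute2 alone: it generates a random locally administered unicast address, validates the address format (which catches the easy mistake of typing seven octets instead of six), and applies it with the interface down. The interface name wlan0 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original page: generate a random locally
# administered unicast MAC, validate it, and apply it with iproute2 as an
# alternative to macchanger. The interface name wlan0 is an assumption.

# valid_mac ADDR: returns 0 if ADDR is exactly six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# is_local_unicast ADDR: returns 0 if the first octet has the locally
# administered bit (0x02) set and the multicast bit (0x01) clear, i.e. the
# address cannot collide with a vendor-assigned (OUI) address and is usable
# as a unicast source address.
is_local_unicast() {
    first=$(printf '%d' "0x$(printf '%s' "$1" | cut -d: -f1)")
    [ $(( first & 3 )) -eq 2 ]
}

# random_mac: prints a random MAC with the locally-administered bit forced
# on and the multicast bit forced off in the first octet.
random_mac() {
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( ($1 | 2) & 254 )) "$2" "$3" "$4" "$5" "$6"
}

# set_mac IFACE ADDR: validate, then bring the interface down, change the
# hardware address and bring it back up (the kernel rejects the change on
# an interface that is up). Requires root.
set_mac() {
    iface=$1
    addr=$2
    valid_mac "$addr" || { echo "invalid MAC address: $addr" >&2; return 1; }
    ip link set dev "$iface" down &&
    ip link set dev "$iface" address "$addr" &&
    ip link set dev "$iface" up
}

# Stand-alone run: print one generated address. To apply it:
#   set_mac wlan0 "$(random_mac)"
random_mac
```

Note that NetworkManager and similar daemons may restore or re-randomize the address when they reconnect the interface, so check the result with ip link after bringing it up.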
To scan nearby airwaves, you will need to install the 'aircrack-ng' package, which contains airmon-ng and airodump-ng:
<bash> apt-get install aircrack-ng
Make sure you set monitor mode first. If you let airmon-ng do it (airmon-ng start wlan0), it creates a monitor interface named wlan0mon, which is the name the commands below use; if you enabled monitor mode with iwconfig as shown above, use wlan0 instead. Then, use the following command to start scanning:
<bash> airodump-ng wlan0mon
This will display all 802.11 traffic it can hear on nearby airwaves, hopping across channels: access points (BSSID, channel, encryption, ESSID) in the top section and the clients talking to them in the bottom section.
You can restrict the capture to a specific channel, which stops the channel hopping and gives a more complete picture of that channel. For example, this will only show traffic on channel 3:
<bash> airodump-ng wlan0mon -c 3
To only view open networks (no encryption), such as free hotel Wi-Fi, you can add the following filter option:
<bash> airodump-ng wlan0mon -c 3 --encrypt OPN
You can see what's going on between your host and the network using the tshark package, the command-line version of Wireshark. First, install it, and then run it by specifying the interface:
<bash> apt-get install tshark
<bash> tshark -i wlan0
By default (managed mode) you only see traffic to and from your own host, plus broadcasts. In monitor mode you see all 802.11 frames on the channel, but the payloads of encrypted networks stay encrypted; to read them you need the network key (for WPA/WPA2 personal, the passphrase plus a captured 4-way handshake for each client).
You can also restrict what kind of traffic you want to see with a display filter (-Y). For example, you can filter on the HTTP protocol, which only shows plaintext HTTP, so on an encrypted network you will see nothing unless tshark can decrypt it:
<bash> tshark -i wlan0mon -Y http