Installation[1]
# git clone git://bpf.tcpdump.org/tcpdump Configurations [3]
Change into monitor mode [4]
FirstAnd then to create an interface (called ath0) in monitor mode, issue the command:wlanconfig ath0 destroy
To finish bring the interface upwlanconfig ath0 create wlandev wifi0 wlanmode monitor
ifconfig ath0 upBy default, monitor mode receives packets with prism2 headers prepended on them. To change this, you must run one of the following:
- Only 802.11 headers: echo '801' > /proc/sys/net/ath0/dev_type
- Prism2 headers: echo '802' > /proc/sys/net/ath0/dev_type
- Radiotap headers: echo '803' > /proc/sys/net/ath0/dev_type
- Atheros Descriptors: echo '804' > /proc/sys/net/ath0/dev_type
Command
Capture packets from a particular ethernet interface
# tcpdump -i ath0 -w file -y IEEE802_11_RADIO -i: interface
-y: radiotap header
-w: write into files
Whole package viewing[5]
# tcpdump -nnvvXSs 1514// the final "s" increases the snaplength, grabbing the whole packet
References
[1] http://www.tcpdump.org/#source
[3] http://www.thegeekstuff.com/2010/08/tcpdump-command-examples/
[4] http://madwifi-project.org/wiki/UserDocs/MonitorModeInterface
No comments:
Post a Comment