Wireless sniffing in Linux

I got myself the Asus USB-N66 USB adapter so I could do some wireless sniffing on both the 2.4 and 5GHz bands instead of buying an AirPcap tool. However, as it turns out, I did get an AirPcap tool for use at work, and the Linux version of Wireshark doesn’t let you set the wireless channels like the Windows version. I documented the steps on getting the driver for the Asus adapter installed under Linux here.

First we need to see which interface we’ll be configuring:

marc@purdon:~$ iwconfig
lo        no wireless extensions.

virbr0    no wireless extensions.

ra0       Ralink STA  ESSID:"11n-AP"  Nickname:"RT2870STA"
          Mode:Auto  Frequency=2.412 GHz  Access Point: Not-Associated   
          Bit Rate:1 Mb/s   
          RTS thr:off   Fragment thr:off
          Link Quality=59/100  Signal level:-82 dBm  Noise level:-82 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Next we’re going to put ra0 into monitor mode:

sudo iwconfig ra0 mode monitor

Then choose the channel we’re going to be sniffing on:

sudo iwconfig ra0 channel 36

Now to capture our wireless traffic:

sudo tcpdump -i ra0 -s0 -A -w /tmp/sniffer_file.pcap

This captured file can be analyzed in Wireshark.
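
Before opening the file, it is worth confirming that the capture really holds 802.11 frames from the channel that was set. The Python check below is an added example, not part of the original post; it assumes tcpdump wrote a classic pcap file and, for the per-frame channel count, that the driver supplies radiotap headers. All function names are illustrative and the sample capture is constructed.

```python
import struct

MONITOR_LINKTYPES = {105: "802.11", 119: "802.11 + Prism",
                     127: "802.11 + radiotap", 163: "802.11 + AVS"}  # 1 = Ethernet

def channel_to_mhz(ch):  # 2.4 GHz (1-14) or 5 GHz channel number -> centre MHz
    return 2484 if ch == 14 else 2407 + 5 * ch if ch < 14 else 5000 + 5 * ch

def radiotap_freq(frame):
    """Channel frequency in MHz from a radiotap header, or None if absent."""
    if len(frame) < 8:
        return None
    hdr_len, present = struct.unpack_from("<xxHI", frame)
    off, word = 8, present
    while word & (1 << 31) and off + 4 <= len(frame):  # chained present words
        (word,) = struct.unpack_from("<I", frame, off)
        off += 4
    if not present & 0x8:                  # bit 3: Channel field
        return None
    if present & 0x1:                      # bit 0: TSFT, u64 aligned to 8
        off = ((off + 7) & ~7) + 8
    off += bool(present & 0x2) + bool(present & 0x4)  # Flags, Rate: 1 byte each
    off = (off + 1) & ~1                   # Channel is aligned to 2
    if off + 2 > min(hdr_len, len(frame)):
        return None
    return struct.unpack_from("<H", frame, off)[0]

def check_capture(data, channel):
    """Link type of a classic pcap plus frame counts on/off the channel."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
             b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    link = struct.unpack_from(order + "I", data, 20)[0]
    out = {"linktype": MONITOR_LINKTYPES.get(link, link),
           "monitor": link in MONITOR_LINKTYPES, "on": 0, "off": 0, "unknown": 0}
    pos, want = 24, channel_to_mhz(channel)
    while pos + 16 <= len(data):           # each record header is 16 bytes
        incl = struct.unpack_from(order + "I", data, pos + 8)[0]
        freq = radiotap_freq(data[pos + 16:pos + 16 + incl]) if link == 127 else None
        out["unknown" if freq is None else "on" if freq == want else "off"] += 1
        pos += 16 + incl
    return out

def sample_pcap(freqs, link=127):
    """Constructed sample: little-endian pcap, one radiotap header per freq."""
    pkts = [struct.pack("<BBHIQBBHH", 0, 0, 22, 0xF, 0, 0, 12, f, 0) for f in freqs]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link)
    return hdr + b"".join(struct.pack("<4I", 0, 0, len(p), len(p)) + p for p in pkts)
```

For a real capture, pass the bytes of /tmp/sniffer_file.pcap and the channel that was set (36 above); a result with "monitor" false means the interface delivered Ethernet-style frames rather than raw 802.11.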
