Wireshark
# Channel hopping
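# Option 1: airodump-ng hops across the 2.4 GHz channels by itself while it
# runs (root is needed to drive the monitor interface).
sudo airodump-ng wlan0mon
# Option 2: manual hop for captures taken directly with Wireshark/tcpdump,
# which otherwise stay parked on one channel. Non-overlapping 1/6/11 first,
# then the rest; this is a single pass (wrap in `while :; do ...; done` for
# continuous hopping). `iw ... set channel` needs CAP_NET_ADMIN, hence sudo
# (the original ran it unprivileged and failed with "Operation not
# permitted"); stop on the first failure (bad interface name, not in monitor
# mode) instead of sleeping through every remaining channel.
for channel in 1 6 11 2 7 10 3 8 4 9 5; do
  sudo iw dev wlan0mon set channel "${channel}" \
    || { printf 'channel hop failed on channel %s\n' "${channel}" >&2; break; }
  sleep 1
done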
# Filtering out Beacons
Capture filter (libpcap syntax, as given to `-f` or the capture options dialog — not a display filter): `not subtype beacon`
# Capture filter for a single device: the MAC is matched against all four 802.11 address fields, because which field carries the station's address depends on the frame's To-DS/From-DS bits (addr4 is only present in 4-address/WDS frames)
(wlan addr1 3A:30:F9:0F:E1:95) or (wlan addr2 3A:30:F9:0F:E1:95) or (wlan addr3 3A:30:F9:0F:E1:95) or (wlan addr4 3A:30:F9:0F:E1:95)
# Advanced capture filter: same device match, minus beacons, control frames (`type ctl`: ACK, RTS/CTS, block-ack, ...) and probe requests/responses, leaving only the device's data frames and remaining management frames (auth/assoc/EAPOL handshakes)
((wlan addr1 3A:30:F9:0F:E1:95) or (wlan addr2 3A:30:F9:0F:E1:95) or (wlan addr3 3A:30:F9:0F:E1:95) or (wlan addr4 3A:30:F9:0F:E1:95)) and not (subtype beacon) and not (type ctl) and not (subtype probe-req) and not (subtype probe-resp)
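# Starting capture with a Beacon frame capture filter
# -k starts capturing immediately; -f takes a libpcap capture filter (not a
# Wireshark display filter). Avoid running the Wireshark GUI as root when you
# can: its dissectors parse attacker-controlled frames, so the recommended
# setup is to grant capture rights to dumpcap only (add the user to the
# 'wireshark' group via `dpkg-reconfigure wireshark-common`, or
# `setcap cap_net_raw,cap_net_admin+eip` on dumpcap) and then drop the sudo.
sudo wireshark -i wlan0mon -k -f "not subtype beacon"
# Remote Packet Capture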
# TCPdump / dumpcap / tshark output on stdout
# All three write the raw capture to stdout (-w -) so it can be piped into
# another tool; they need root (or capture capabilities) to read wlan0mon.
# -U: flush after every packet instead of block-buffering, so a downstream
#     reader sees frames as they arrive.
sudo tcpdump -U -i wlan0mon -w -
# -P: write classic pcap instead of the default pcapng.
sudo dumpcap -i wlan0mon -P -w -
sudo tshark -i wlan0mon -w -
# Capturing traffic and piping it to Wireshark
# Only the capturing process runs as root; Wireshark reads the pcap stream
# from stdin (-i -) as the invoking user and starts at once (-k). -U keeps
# tcpdump from buffering, so the GUI updates per packet.
sudo tcpdump -U -i wlan0mon -w - | wireshark -k -i -
# Named Pipe
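# Creating and checking the named pipe
# Do not use a fixed path such as /tmp/named_pipe: in a world-writable
# directory any local user can pre-create that name (as a FIFO, file or
# symlink) and read the capture or inject forged frames into Wireshark. Use a
# private directory from mktemp and a 0600 FIFO instead.
pipe_dir="$(mktemp -d)" || exit 1
pipe="${pipe_dir}/capture.fifo"
mkfifo -m 0600 -- "${pipe}" || exit 1
# Check that the path really is a FIFO before pointing tools at it.
[ -p "${pipe}" ] || { printf 'not a fifo: %s\n' "${pipe}" >&2; exit 1; }
# Starting capture with Wireshark on the named pipe. Wireshark needs no root
# here: it only reads the FIFO, so keep the dissectors unprivileged. Started in
# the background so the writer below finds a reader (opening a FIFO for
# writing blocks until someone opens it for reading).
wireshark -k -i "${pipe}" &
# Starting capture on wlan0mon and sending data to the named pipe. Only the
# capturing tcpdump runs as root; the redirection is opened by the
# unprivileged shell, which is why the 0600 FIFO works. -U flushes each packet
# so Wireshark shows frames live rather than in buffered bursts.
sudo tcpdump -U -w - -i wlan0mon > "${pipe}"
# Clean up once the capture has been stopped (Ctrl-C).
rm -rf -- "${pipe_dir:?}"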
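# Capturing traffic with tcpdump on a remote host and piping it to Wireshark
# The session logs in as root, so the remote `sudo -S` was redundant. If you
# use an unprivileged account instead, prefer `sudo -n tcpdump ...` backed by a
# sudoers rule: `-S` reads the password from stdin, which is the same stream
# ssh forwards from your terminal, so it competes with the capture session.
# Only the remote tcpdump needs root; the local Wireshark just parses the pcap
# stream from stdin, so run it as your own user rather than with sudo.
ssh root@10.11.0.196 "tcpdump -U -w - -i wlan0mon" | wireshark -k -i -
# Advanced Preferences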