On Fri, Sep 13, 2019 at 09:35:56PM +0000, Mikolaj Kucharski wrote:
> I've tested monitor mode and it seems to work:
> 
> $ ifconfig iwm0
> iwm0: flags=8847<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 38:37:8b:XX:XX:XX
>         index 1 priority 4 llprio 3
>         groups: wlan egress
>         media: IEEE802.11 autoselect monitor
>         status: active
>         ieee80211: nwid linksys chan 11 bssid 00:1d:7e:XX:XX:XX 29%
> 
> I've used kismet-201607R1p0 package and I could see networks and packets
> being reported. Testing with tcpdump(8) also showed traffic visible from
> various access points around:

Thanks for testing! I've never tried kismet myself, glad to see it works.

> # tcpdump -c 3 -y IEEE802_11_RADIO -ni iwm0
> tcpdump: listening on iwm0, link-type IEEE802_11_RADIO
> 21:25:12.586606 802.11: beacon, ssid (net_092382), rates, ds, tim, xrates,
> rsn, htcaps, <radiotap v0, chan 11, 11g, sig 50dBm, noise 28dBm>
> 21:25:12.653411 802.11: beacon, ssid (linksys), rates, ds, tim, erp, 47:1,
> xrates, vendor, <radiotap v0, chan 11, 11g, sig 25dBm, noise 28dBm>
> 21:25:12.755803 802.11: beacon, ssid (linksys), rates, ds, tim, erp, 47:1,
> xrates, vendor, <radiotap v0, chan 11, 11g, sig 23dBm, noise 28dBm>
> 
> I see in tcpdump output that all beacons are reported with chan 11,
> where I know some of the access points are not on channel 11. Not
> sure if this is expected. Other than that, I don't see anything
> concerning.

This is likely cross-talk (several channels do overlap), or dual-beacons
deliberately sent by APs in 40 MHz mode on all channels they occupy.
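The cross-talk explanation above can be checked with a little arithmetic on 2.4 GHz channel centre frequencies. The following Python script is an added example, not part of this thread or of the OpenBSD tree: it parses the beacon lines quoted from the tcpdump(8) output (re-joined onto one line each, since tcpdump wraps them), works out which channels a radio parked on channel 11 can legitimately overhear, and lists the channel pair a 40 MHz (HT40) access point occupies. It assumes a 22 MHz channel width for the overlap test (the 802.11b DSSS figure, which yields the usual 1/6/11 non-overlapping set) and the standard centre-frequency formula for channels 1 to 14; the radiotap "chan" field records the channel the receiver was tuned to, not the channel the AP is operating on, which is carried in the beacon's DS Parameter Set element that tcpdump only shows as "ds".

```python
import re
from dataclasses import dataclass

# Beacon lines copied from the tcpdump(8) output quoted in this thread,
# re-joined onto one line each (tcpdump wraps long lines on the terminal).
SAMPLE = """\
21:25:12.586606 802.11: beacon, ssid (net_092382), rates, ds, tim, xrates, rsn, htcaps, <radiotap v0, chan 11, 11g, sig 50dBm, noise 28dBm>
21:25:12.653411 802.11: beacon, ssid (linksys), rates, ds, tim, erp, 47:1, xrates, vendor, <radiotap v0, chan 11, 11g, sig 25dBm, noise 28dBm>
21:25:12.755803 802.11: beacon, ssid (linksys), rates, ds, tim, erp, 47:1, xrates, vendor, <radiotap v0, chan 11, 11g, sig 23dBm, noise 28dBm>
"""

# Matches the "-y IEEE802_11_RADIO" beacon format shown above; the IE list
# between the ssid and the radiotap trailer is captured as free text.
BEACON_RE = re.compile(
    r"^(?P<ts>\S+) 802\.11: beacon, ssid \((?P<ssid>[^)]*)\), (?P<ies>.*?), "
    r"<radiotap v0, chan (?P<chan>\d+), (?P<phy>[^,]+), "
    r"sig (?P<sig>-?\d+)dBm, noise (?P<noise>-?\d+)dBm>$"
)


@dataclass
class Beacon:
    ts: str
    ssid: str
    chan: int    # channel the *receiver* was tuned to (radiotap header)
    sig: int
    noise: int
    ht: bool     # beacon carried an HT capabilities element (802.11n)


def parse_beacons(text):
    """Parse tcpdump beacon lines; lines that do not match are skipped."""
    beacons = []
    for line in text.splitlines():
        m = BEACON_RE.match(line)
        if not m:
            continue
        ies = m["ies"].split(", ")
        beacons.append(Beacon(m["ts"], m["ssid"], int(m["chan"]),
                              int(m["sig"]), int(m["noise"]), "htcaps" in ies))
    return beacons


def channel_center_mhz(ch):
    """Centre frequency of a 2.4 GHz channel: 1-13 are 5 MHz apart from 2412 MHz, 14 is 2484 MHz."""
    if 1 <= ch <= 13:
        return 2407 + 5 * ch
    if ch == 14:
        return 2484
    raise ValueError(f"not a 2.4 GHz channel: {ch}")


def overlapping_channels(ch, width_mhz=22):
    """Channels whose transmissions spill into a receiver tuned to `ch`.

    Two channels overlap when their centres are closer than one channel
    width (assumed 22 MHz here), which is why only 1, 6 and 11 are disjoint.
    """
    return [c for c in range(1, 15)
            if abs(channel_center_mhz(c) - channel_center_mhz(ch)) < width_mhz]


def ht40_occupied(primary, secondary_offset):
    """Channel pair a 40 MHz (HT40) AP occupies: the primary plus a secondary
    20 MHz above (+1) or below (-1), i.e. four channel numbers away."""
    if secondary_offset not in (1, -1):
        raise ValueError("secondary_offset must be +1 (above) or -1 (below)")
    secondary = primary + 4 * secondary_offset
    if not 1 <= secondary <= 13:
        raise ValueError(f"no valid HT40 pairing for primary {primary}")
    return sorted([primary, secondary])


def channel_report(text):
    """For each SSID seen, the channels the AP could really be on given only
    the receiver's channel. An HT40 AP beaconing on both halves is covered
    too: its other half is four channels away, inside the overlap set."""
    report = {}
    for b in parse_beacons(text):
        report[b.ssid] = {
            "reported_chan": b.chan,
            "possible_channels": overlapping_channels(b.chan),
            "ht": b.ht,
        }
    return report


if __name__ == "__main__":
    for ssid, info in channel_report(SAMPLE).items():
        print(f"{ssid}: heard on chan {info['reported_chan']}, "
              f"AP may be on {info['possible_channels']}, ht={info['ht']}")
```

Run it as-is to see that every beacon heard on channel 11 could have been sent from any of channels 7 through 13, so a radiotap "chan 11" on a beacon from an AP known to sit on, say, channel 9 is exactly what the overlap predicts. To confirm the AP's real channel from a capture, read the DS Parameter Set element in the beacon body (for example with a verbose decoder) rather than the radiotap channel.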
