{"id":74,"date":"2016-12-23T17:17:06","date_gmt":"2016-12-23T16:17:06","guid":{"rendered":"http:\/\/netgab.net\/web\/?p=74"},"modified":"2022-01-26T07:06:10","modified_gmt":"2022-01-26T06:06:10","slug":"wlan-traffic-capture-2-linux","status":"publish","type":"post","link":"https:\/\/netgab.net\/web\/2016\/12\/23\/wlan-traffic-capture-2-linux\/","title":{"rendered":"WLAN traffic capture [2] &#8211; Linux"},"content":{"rendered":"<p>One generic method to capture wireless frames is to use Linux. Several distributions specialize in this (one example is <a href=\"https:\/\/www.kali.org\">Kali Linux<\/a>).<\/p>\n<p>However, standard Linux distributions may be used as well. This how-to was written for Ubuntu 16.04 LTS on a laptop with an integrated &#8220;Intel(R) Dual Band Wireless-AC 7260&#8221; adapter.<\/p>\n<p><!--more--><\/p>\n<p><em>Needless to say, your wireless connection is not available during capture. Also I&#8217;m not responsible if you break your Linux system!<\/em><\/p>\n<p>Of course there are some helper tools like &#8220;<em>airmon-ng<\/em>&#8221; or &#8220;<em>airodump<\/em>&#8221;, which assist with traffic sniffing, but I try to focus on the built-in Linux functionality.<\/p>\n<h2>Preparations<\/h2>\n<p>First of all we should check if our wireless adapter supports the monitoring mode. 
If the adapter does not support this, only frames from and to the WLAN station can be captured, along with broadcast and multicast frames.<\/p>\n<p>So what&#8217;s the name of our wireless adapter in Linux?<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>iw dev<\/code><\/pre>\n<p class=\"lang:sh decode:true \">This gives you the following output (example):<\/p>\n<pre class=\"toolbar:2 nums:false lang:sh mark:1,6 decode:true\"><code>phy#0\n        Unnamed\/non-netdev interface\n                wdev 0x2\n                addr 80:86:f2:6d:58:ae\n                type P2P-device\n        Interface wlp2s0\n                ifindex 3\n                wdev 0x1\n                addr 80:86:f2:6d:58:ad\n                type managed<\/code><\/pre>\n<p>So for the &#8220;iw&#8221; tool the device is named &#8220;<em>phy0<\/em>&#8221;. The interface name is &#8220;<em>wlp2s0<\/em>&#8221;.<\/p>\n<p>To check if the adapter supports monitor mode, issue the command:<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>iw phy0 info<\/code><\/pre>\n<p class=\"lang:sh decode:true \">This gives you the following output (example), along with tons of other interesting stats about your adapter. 
But in line 20 (section &#8220;supported interface modes&#8221;) we can see that the &#8220;monitor&#8221; mode is supported.<\/p>\n<pre class=\"height-set:true height:350 nums:false scroll:true lang:sh mark:21 decode:true\"><code>Wiphy phy0\n        max # scan SSIDs: 20\n        max scan IEs length: 425 bytes\n        Retry short limit: 7\n        Retry long limit: 4\n        Coverage class: 0 (up to 0m)\n        Device supports RSN-IBSS.\n        Device supports AP-side u-APSD.\n        Supported Ciphers:\n                * WEP40 (00-0f-ac:1)\n                * WEP104 (00-0f-ac:5)\n                * TKIP (00-0f-ac:2)\n                * CCMP (00-0f-ac:4)\n                * CMAC (00-0f-ac:6)\n        Available Antennas: TX 0 RX 0\n        Supported interface modes:\n                 * IBSS\n                 * managed\n                 * AP\n                 * AP\/VLAN\n                 * monitor\n                 * P2P-client\n                 * P2P-GO\n                 * P2P-device\n        Band 1:\n                Capabilities: 0x11e2\n                        HT20\/HT40\n                        Static SM Power Save\n                        RX HT20 SGI\n                        RX HT40 SGI\n                        TX STBC\n                        RX STBC 1-stream\n                        Max AMSDU length: 3839 bytes\n                        DSSS\/CCK HT40\n                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)\n                Minimum RX AMPDU time spacing: 4 usec (0x05)\n                HT TX\/RX MCS rate indexes supported: 0-15\n                Bitrates (non-HT):\n                        * 1.0 Mbps\n                        * 2.0 Mbps (short preamble supported)\n                        * 5.5 Mbps (short preamble supported)\n                        * 11.0 Mbps (short preamble supported)\n                        * 6.0 Mbps\n                        * 9.0 Mbps\n                        * 12.0 Mbps\n                        * 18.0 Mbps\n                    
    * 24.0 Mbps\n                        * 36.0 Mbps\n                        * 48.0 Mbps\n                        * 54.0 Mbps\n                Frequencies:\n                        * 2412 MHz [1] (22.0 dBm)\n                        * 2417 MHz [2] (22.0 dBm)\n                        * 2422 MHz [3] (22.0 dBm)\n                        * 2427 MHz [4] (22.0 dBm)\n                        * 2432 MHz [5] (22.0 dBm)\n                        * 2437 MHz [6] (22.0 dBm)\n                        * 2442 MHz [7] (22.0 dBm)\n                        * 2447 MHz [8] (22.0 dBm)\n                        * 2452 MHz [9] (22.0 dBm)\n                        * 2457 MHz [10] (22.0 dBm)\n                        * 2462 MHz [11] (22.0 dBm)\n                        * 2467 MHz [12] (22.0 dBm) (no IR)\n                        * 2472 MHz [13] (22.0 dBm) (no IR)\n        Band 2:\n                Capabilities: 0x11e2\n                        HT20\/HT40\n                        Static SM Power Save\n                        RX HT20 SGI\n                        RX HT40 SGI\n                        TX STBC\n                        RX STBC 1-stream\n                        Max AMSDU length: 3839 bytes\n                        DSSS\/CCK HT40\n                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)\n                Minimum RX AMPDU time spacing: 4 usec (0x05)\n                HT TX\/RX MCS rate indexes supported: 0-15\n                VHT Capabilities (0x038071a0):\n                        Max MPDU length: 3895\n                        Supported Channel Width: neither 160 nor 80+80\n                        short GI (80 MHz)\n                        TX STBC\n                        SU Beamformee\n                VHT RX MCS set:\n                        1 streams: MCS 0-9\n                        2 streams: MCS 0-9\n                        3 streams: not supported\n                        4 streams: not supported\n                        5 streams: not supported\n                        6 
streams: not supported\n                        7 streams: not supported\n                        8 streams: not supported\n                VHT RX highest supported: 0 Mbps\n                VHT TX MCS set:\n                        1 streams: MCS 0-9\n                        2 streams: MCS 0-9\n                        3 streams: not supported\n                        4 streams: not supported\n                        5 streams: not supported\n                        6 streams: not supported\n                        7 streams: not supported\n                        8 streams: not supported\n                VHT TX highest supported: 0 Mbps\n                Bitrates (non-HT):\n                        * 6.0 Mbps\n                        * 9.0 Mbps\n                        * 12.0 Mbps\n                        * 18.0 Mbps\n                        * 24.0 Mbps\n                        * 36.0 Mbps\n                        * 48.0 Mbps\n                        * 54.0 Mbps\n                Frequencies:\n                        * 5180 MHz [36] (22.0 dBm) (no IR)\n                        * 5200 MHz [40] (22.0 dBm) (no IR)\n                        * 5220 MHz [44] (22.0 dBm) (no IR)\n                        * 5240 MHz [48] (22.0 dBm) (no IR)\n                        * 5260 MHz [52] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5280 MHz [56] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5300 MHz [60] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5320 MHz [64] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n           
             * 5500 MHz [100] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5520 MHz [104] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5540 MHz [108] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5560 MHz [112] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5580 MHz [116] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5600 MHz [120] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5620 MHz [124] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5640 MHz [128] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5660 MHz [132] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5680 MHz [136] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n                          DFS CAC time: 60000 ms\n                        * 5700 MHz [140] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 730 sec)\n    
                      DFS CAC time: 60000 ms\n                        * 5720 MHz [144] (22.0 dBm) (no IR, radar detection)\n                          DFS state: usable (for 446 sec)\n                          DFS CAC time: 0 ms\n                        * 5745 MHz [149] (22.0 dBm) (no IR)\n                        * 5765 MHz [153] (22.0 dBm) (no IR)\n                        * 5785 MHz [157] (22.0 dBm) (no IR)\n                        * 5805 MHz [161] (22.0 dBm) (no IR)\n                        * 5825 MHz [165] (22.0 dBm) (no IR)\n        Supported commands:\n                 * new_interface\n                 * set_interface\n                 * new_key\n                 * start_ap\n                 * new_station\n                 * new_mpath\n                 * set_mesh_config\n                 * set_bss\n                 * authenticate\n                 * associate\n                 * deauthenticate\n                 * disassociate\n                 * join_ibss\n                 * join_mesh\n                 * remain_on_channel\n                 * set_tx_bitrate_mask\n                 * frame\n                 * frame_wait_cancel\n                 * set_wiphy_netns\n                 * set_channel\n                 * set_wds_peer\n                 * start_sched_scan\n                 * probe_client\n                 * set_noack_map\n                 * register_beacons\n                 * start_p2p_device\n                 * set_mcast_rate\n                 * channel_switch\n                 * Unknown command (104)\n                 * Unknown command (105)\n                 * connect\n                 * disconnect\n        Supported TX frame types:\n                 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n                 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n                 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n       
          * AP\/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n                 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n                 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n                 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n                 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0\n        Supported RX frame types:\n                 * IBSS: 0x40 0xb0 0xc0 0xd0\n                 * managed: 0x40 0xd0\n                 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0\n                 * AP\/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0\n                 * mesh point: 0xb0 0xc0 0xd0\n                 * P2P-client: 0x40 0xd0\n                 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0\n                 * P2P-device: 0x40 0xd0\n        WoWLAN support:\n                 * wake up on disconnect\n                 * wake up on magic packet\n                 * wake up on pattern match, up to 20 patterns of 16-128 bytes,\n                   maximum packet offset 0 bytes\n                 * can do GTK rekeying\n                 * wake up on GTK rekey failure\n                 * wake up on EAP identity request\n                 * wake up on 4-way handshake\n                 * wake up on rfkill release\n                 * wake up on TCP connection\n        software interface modes (can always be added):\n                 * AP\/VLAN\n                 * monitor\n        valid interface combinations:\n                 * #{ managed } &lt;= 1, #{ AP, P2P-client, P2P-GO } &lt;= 1, #{ P2P-device } &lt;= 1,\n                   total &lt;= 3, #channels &lt;= 2\n        HT Capability overrides:\n                 * MCS: ff ff ff ff ff ff ff ff ff ff\n                 * maximum A-MSDU length\n                 * supported channel width\n        
         * short GI for 40 MHz\n                 * max A-MPDU length exponent\n                 * min MPDU start spacing\n        Device supports TX status socket option.\n        Device supports HT-IBSS.\n        Device supports SAE with AUTHENTICATE command\n        Device supports low priority scan.\n        Device supports scan flush.\n        Device supports per-vif TX power setting\n        P2P GO supports CT window setting\n        P2P GO supports opportunistic powersave setting\n        Driver supports a userspace MPM\n        Device supports static SMPS\n        Device supports dynamic SMPS<\/code><\/pre>\n<h2>Disturbing Linux services<\/h2>\n<p>On a standard Linux client distribution, there may be services that interfere with wireless capturing. Examples are &#8220;avahi-daemon&#8221;, &#8220;NetworkManager&#8221;, &#8220;wpa_supplicant&#8221; or &#8220;dhclient&#8221;. If your capture stops at some point without a reason, try to temporarily disable those services.<br \/>\nExample: <span class=\"lang:default decode:true crayon-inline\">sudo service NetworkManager stop<\/span><\/p>\n<h2>Create monitoring interface<\/h2>\n<p>Now we can create a new monitoring network interface. As the name already states, that interface is in monitoring \/ promiscuous mode. 
The second command removes the main WLAN interface.<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>sudo iw phy0 interface add mon0 type monitor\nsudo iw dev wlp2s0 del\nsudo ifconfig mon0 up<\/code><\/pre>\n<h2>Set capture parameters<\/h2>\n<p>As written in my <a href=\"http:\/\/netgab.net\/web\/2016\/12\/23\/wlan-traffic-capture-1-general\/\">previous<\/a> post, the capture channel must be set.<br \/>\nEither set the frequency using:<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>sudo iw dev mon0 set freq &lt;FREQ-IN-MHZ&gt;<\/code><\/pre>\n<p class=\"lang:sh decode:true \">or the channel number using:<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>sudo iw dev mon0 set channel &lt;CHANNEL-NUMBER&gt;<\/code><\/pre>\n<p class=\"lang:sh decode:true \">If you add the parameter HT40+, you capture 40 MHz wide channels:<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>sudo iw dev mon0 set channel &lt;CHANNEL-NUMBER&gt; HT40+<\/code><\/pre>\n<p>Verify your configuration:<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>iw mon0 info<\/code><\/pre>\n<p>Example output:<\/p>\n<pre class=\"toolbar:2 nums:false lang:sh decode:true \"><code>Interface mon0\n        ifindex 4\n        wdev 0x3\n        addr 80:86:f2:6d:58:ad\n        type monitor\n        wiphy 0\n        channel 11 (2462 MHz), width: 20 MHz (no HT), center1: 2462 MHz<\/code><\/pre>\n<h2>Capture using tcpdump to capture file<\/h2>\n<p>If you would like to use tcpdump for capturing, issue the following command:<\/p>\n<pre class=\"nums:false nums-toggle:false wrap-toggle:false lang:sh decode:true\"><code>sudo tcpdump -i mon0 -w capture.cap<\/code><\/pre>\n<p>Alternatively, you can capture using Wireshark.<\/p>\n<h2>Radiotap header<\/h2>\n<p>One nice side effect is that a radiotap header is added to the capture 
frame. This information is NOT part of the WLAN frame itself. The capturing device adds it to each frame to provide some RF information (RSSI, channel, data rate etc.).<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-104\" src=\"http:\/\/netgab.net\/web\/wp-content\/uploads\/2016\/12\/radiotap_header.png\" alt=\"radiotap_header\" width=\"1460\" height=\"677\" srcset=\"https:\/\/netgab.net\/web\/wp-content\/uploads\/2016\/12\/radiotap_header.png 1460w, https:\/\/netgab.net\/web\/wp-content\/uploads\/2016\/12\/radiotap_header-300x139.png 300w, https:\/\/netgab.net\/web\/wp-content\/uploads\/2016\/12\/radiotap_header-768x356.png 768w, https:\/\/netgab.net\/web\/wp-content\/uploads\/2016\/12\/radiotap_header-1024x475.png 1024w\" sizes=\"auto, (max-width: 1460px) 100vw, 1460px\" \/><\/p>\n<p>This is a Wireshark screenshot of the radiotap header. In tcpdump the output looks like:<\/p>\n<pre class=\"nums:false lang:default decode:true \"><code>09:31:19.120447 54.0 Mb\/s 5180 MHz 11a -59dB signal [bit 29] Request-To-Send TA:40:b8:37:b3:e2:0e (oui Unknown)\n09:31:19.120457 54.0 Mb\/s 5180 MHz 11a -48dB signal [bit 29] Clear-To-Send RA:40:b8:37:b3:e2:0e (oui Unknown)\n09:31:19.120515 5180 MHz 11a -59dB signal 150.0 Mb\/s MCS 7 40 MHz short GI BCC FEC RX-STBC0 [bit 20] CF +QoS Data IV:945 Pad 20 KeyID 0\n09:31:19.120549 54.0 Mb\/s 5180 MHz 11a -47dB signal [bit 29] BA RA:40:b8:37:b3:e2:0e (oui Unknown)\n09:31:19.163533 54.0 Mb\/s 5180 MHz 11a -59dB signal [bit 29] CF +QoS\n09:31:19.163544 54.0 Mb\/s 5180 MHz 11a -48dB signal [bit 29] Acknowledgment RA:40:b8:37:b3:e2:0e (oui Unknown)\n09:31:19.297174 54.0 Mb\/s 5180 MHz 11a -63dB signal [bit 29] CF +QoS<\/code><\/pre>\n<h2>tcpdump capture filters<\/h2>\n<p>You&#8217;ll see very soon that you are overwhelmed with frames. 
So it&#8217;s probably a good idea to apply a capture filter.<\/p>\n<p>Here are some examples:<br \/>\n(usage: sudo tcpdump -i mon0 -w capture.cap &lt;FILTER&gt;)<\/p>\n<ul style=\"list-style-type: square;\">\n<li>Capture only beacon frames:\u00a0 <span class=\"lang:default decode:true crayon-inline\">subtype beacon<\/span><\/li>\n<li>Capture only probe requests or responses: \u00a0 <span class=\"lang:default decode:true crayon-inline \">subtype probereq or subtype proberesp<\/span><\/li>\n<li>Only from and to a wireless host: <span class=\"lang:default decode:true crayon-inline\">wlan ra &lt;CLIENT-MAC&gt; or wlan ta &lt;CLIENT-MAC&gt;<\/span><\/li>\n<li>Filter by frame type:\n<ul style=\"list-style-type: square;\">\n<li>Management frames: <span class=\"lang:default decode:true crayon-inline\">type mgt<\/span><\/li>\n<li>Control frames: <span class=\"lang:default decode:true crayon-inline\">type ctl<br \/>\n<\/span><\/li>\n<li>Data frames: <span class=\"lang:default decode:true crayon-inline\">type data<br \/>\n<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Note: You won&#8217;t see any control frames (RTS, CTS etc.) when using the &#8220;wlan ra&#8221; or &#8220;ta&#8221; filters. I&#8217;ll explain those filters in detail in another post.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So one generic method to capture wireless frames is using Linux. There are multiple distributions, which are specialized on this (an example is Kali Linux). However, standard Linux distributions may be used as well. 
This how to is created considering Ubuntu 16.04 LTS on a laptop with an integrated &#8220;Intel(R) [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":57,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[10,12,11,9],"class_list":["post-74","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-capture","tag-linux","tag-sniffing","tag-wlan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>WLAN traffic capture [2] - Linux - NetGab - The daily networking madness<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/netgab.net\/web\/2016\/12\/23\/wlan-traffic-capture-2-linux\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WLAN traffic capture [2] - Linux - NetGab - The daily networking madness\" \/>\n<meta property=\"og:description\" content=\"So one generic method to capture wireless frames is using Linux. There are multiple distributions, which are specialized on this (an example is Kali Linux). However, standard Linux distributions may be used as well. 
This how to is created considering Ubuntu 16.04 LTS on a laptop with an integrated &#8220;Intel(R) [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/netgab.net\/web\/2016\/12\/23\/wlan-traffic-capture-2-linux\/\" \/>\n<meta property=\"og:site_name\" content=\"NetGab - The daily networking madness\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-23T16:17:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-26T06:06:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/netgab.net\/web\/wp-content\/uploads\/2016\/12\/Linux_Capture.png\" \/>\n\t<meta property=\"og:image:width\" content=\"597\" \/>\n\t<meta property=\"og:image:height\" content=\"389\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"joe\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"joe\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/\"},\"author\":{\"name\":\"joe\",\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/#\\\/schema\\\/person\\\/b3c8a779d0a772a9b047559d7bba4ccd\"},\"headline\":\"WLAN traffic capture [2] &#8211; Linux\",\"datePublished\":\"2016-12-23T16:17:06+00:00\",\"dateModified\":\"2022-01-26T06:06:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/\"},\"wordCount\":551,\"commentCount\":1,\"image\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/netgab.net\\\/web\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Linux_Capture.png\",\"keywords\":[\"capture\",\"Linux\",\"sniffing\",\"wlan\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/\",\"url\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/\",\"name\":\"WLAN traffic capture [2] - Linux - NetGab - The daily networking 
madness\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/netgab.net\\\/web\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Linux_Capture.png\",\"datePublished\":\"2016-12-23T16:17:06+00:00\",\"dateModified\":\"2022-01-26T06:06:10+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/#\\\/schema\\\/person\\\/b3c8a779d0a772a9b047559d7bba4ccd\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#primaryimage\",\"url\":\"https:\\\/\\\/netgab.net\\\/web\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Linux_Capture.png\",\"contentUrl\":\"https:\\\/\\\/netgab.net\\\/web\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Linux_Capture.png\",\"width\":597,\"height\":389},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/2016\\\/12\\\/23\\\/wlan-traffic-capture-2-linux\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/netgab.net\\\/web\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WLAN traffic capture [2] &#8211; Linux\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/#website\",\"url\":\"https:\\\/\\\/netgab.net\\\/web\\\/\",\"name\":\"NetGab - The daily networking madness\",\"description\":\"Networking at its best ... 
and worst\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/netgab.net\\\/web\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/netgab.net\\\/web\\\/#\\\/schema\\\/person\\\/b3c8a779d0a772a9b047559d7bba4ccd\",\"name\":\"joe\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/32b66c7321ea985e8c54f9975e87605df70ac5e4167a1e4153d91d72c67cf150?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/32b66c7321ea985e8c54f9975e87605df70ac5e4167a1e4153d91d72c67cf150?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/32b66c7321ea985e8c54f9975e87605df70ac5e4167a1e4153d91d72c67cf150?s=96&d=retro&r=g\",\"caption\":\"joe\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/netgab.net\/web\/wp-content\/uploads\/2016\/12\/Linux_Capture.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8dgKr-1c","_links":{"self":[{"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/posts\/74","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/comments?post=74"}],"version-history":[{"count":27,"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/posts\/74\/revisions"}],"predecessor-version":[{"id":940,"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/posts\/74\/revisions\/940"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/media\/57"}],"wp:attachment":[{"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/media?parent=74"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:
\/\/netgab.net\/web\/wp-json\/wp\/v2\/categories?post=74"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/netgab.net\/web\/wp-json\/wp\/v2\/tags?post=74"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}