Capturing wireless network packets with tcpdump on Linux
- Put the wireless card into monitor mode
iw wlan0 interface add mon0 type monitor
ifconfig mon0 up
If the default interface itself is switched to monitor mode, it is automatically switched back to managed mode, so create a second interface on the card and put that one into monitor mode instead.
- iwconfig
docker0 no wireless extensions.
wlp6s0 IEEE 802.11 ESSID:"CMCC-EDU"
Mode:Managed Frequency:2.412 GHz Access Point: 00:11:B5:17:E7:D6
Bit Rate=36 Mb/s Tx-Power=15 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=39/70 Signal level=-71 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:152 Invalid misc:4757 Missed beacon:0
lo no wireless extensions.
mon0 IEEE 802.11 Mode:Monitor Tx-Power=15 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
enp9s0 no wireless extensions.
- sudo tcpdump -i mon0 -Ine ether src 80:5E:4F:66:1C:BA -c 10000 -w foo.cap
Filter on the card's source MAC address (frames whose 802.11 source address is that MAC) and write the capture to foo.cap
- Open foo.cap in Wireshark
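The capture file written above has the radiotap link type, and the `ether src` filter on a monitor interface is applied to the 802.11 source address, whose position in the frame depends on the To-DS/From-DS bits. The following Python script is an added example (not part of the original note): it constructs a tiny pcap in that format using the station MAC from the tcpdump command and the BSSID shown in the iwconfig output, plus a constructed upstream host MAC, and then re-applies the source-address filter the way libpcap's `wlan src` (which `ether src` maps to on 802.11 link types) locates the SA. It shows why `ether src <station>` keeps only frames the station transmits: frames from the AP to the station carry the upstream host as SA (addr3), and ACKs carry no SA at all, so a capture of both directions needs `ether host` instead.

```python
"""Re-apply tcpdump's 'ether src' source-address filter to a radiotap pcap.

Added example: builds a constructed pcap with a few 802.11 frames, parses it,
and selects frames whose source address matches, using the address-field
selection libpcap uses for 'wlan src' on 802.11 frames.
"""
import struct

LINKTYPE_IEEE802_11_RADIOTAP = 127  # link type tcpdump writes from a monitor-mode interface

STA = "80:5e:4f:66:1c:ba"        # station MAC used in the tcpdump filter in the note
AP = "00:11:b5:17:e7:d6"         # BSSID shown in the iwconfig output in the note
UPSTREAM = "02:00:00:00:00:01"   # constructed: a host behind the AP (assumption)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_80211_frame(ftype, subtype, addr1, addr2, addr3,
                      to_ds=False, from_ds=False, addr4=None, body=b""):
    """Build a management/data frame header: FC, duration, addr1-3, seq ctrl, [addr4]."""
    fc0 = (subtype << 4) | (ftype << 2)          # protocol version 0
    fc1 = (1 if to_ds else 0) | (2 if from_ds else 0)
    hdr = (bytes([fc0, fc1]) + b"\x00\x00"
           + mac_bytes(addr1) + mac_bytes(addr2) + mac_bytes(addr3) + b"\x00\x00")
    if to_ds and from_ds:
        hdr += mac_bytes(addr4)                   # WDS frames carry a fourth address
    return hdr + body


def radiotap_wrap(frame: bytes) -> bytes:
    """Prefix a minimal 8-byte radiotap header: version 0, pad, length, no present fields."""
    return struct.pack("<BBHI", 0, 0, 8, 0) + frame


def build_pcap(packets) -> bytes:
    """Classic pcap: global header, then (ts_sec, ts_usec, incl_len, orig_len) + packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11_RADIOTAP)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


def iter_pcap(data: bytes):
    """Yield (linktype, packet bytes) for each record in a little-endian classic pcap."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    (linktype,) = struct.unpack("<I", data[20:24])
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield linktype, data[off:off + incl]
        off += incl


def source_address(frame: bytes):
    """Return the SA as libpcap's 'wlan src' locates it, or None if the frame has none."""
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3
    to_ds, from_ds = bool(fc1 & 1), bool(fc1 & 2)
    if ftype == 1:                # control frames (ACK, RTS, CTS...) carry no SA
        return None
    if ftype == 0:                # management frames: SA is addr2
        return frame[10:16]
    if ftype == 2:                # data frames: SA position depends on the DS bits
        if to_ds and from_ds:
            return frame[24:30]   # addr4
        if from_ds:
            return frame[16:22]   # addr3
        return frame[10:16]       # addr2
    return None                   # extension frames: not handled here


def frames_from(pcap_bytes: bytes, src_mac: str):
    """Equivalent of 'ether src <src_mac>' on a radiotap capture: return matching 802.11 frames."""
    want = mac_bytes(src_mac)
    matched = []
    for linktype, pkt in iter_pcap(pcap_bytes):
        if linktype != LINKTYPE_IEEE802_11_RADIOTAP:
            continue
        (rt_len,) = struct.unpack_from("<H", pkt, 2)   # radiotap it_len at offset 2
        frame = pkt[rt_len:]
        if source_address(frame) == want:
            matched.append(frame)
    return matched


# Constructed sample capture: a beacon, one data frame each way, and an ACK to the station.
SAMPLE_PCAP = build_pcap([
    radiotap_wrap(build_80211_frame(0, 8, "ff:ff:ff:ff:ff:ff", AP, AP)),        # beacon from AP
    radiotap_wrap(build_80211_frame(2, 0, AP, STA, UPSTREAM, to_ds=True)),      # data STA -> AP
    radiotap_wrap(build_80211_frame(2, 0, STA, AP, UPSTREAM, from_ds=True)),    # data AP -> STA, SA = upstream
    radiotap_wrap(bytes([0xD4, 0x00, 0x00, 0x00]) + mac_bytes(STA)),            # ACK to STA: RA only, no SA
])

if __name__ == "__main__":
    for frame in frames_from(SAMPLE_PCAP, STA):
        print("frame sent by station, SA =", mac_str(source_address(frame)))
```

Running it shows that of the four constructed frames only the station's own data frame matches `ether src 80:5e:4f:66:1c:ba`; the beacon matches the BSSID, the AP-to-station frame matches the upstream host, and the ACK matches nothing.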