Introduction
This page lists a number of things that can be done with the right wireless card from a Linux command line. Note that several of these commands require ‘monitor’ mode, in which the adapter passes every 802.11 frame it hears up to the host instead of only the traffic addressed to it. Many built-in wireless adapters (or their drivers) do not support this mode, so you will often need a USB Wi-Fi dongle whose chipset is known to support it.
These commands are provided for reference and educational purposes only. Some of them may be illegal to use against networks you do not own or have explicit permission to test.
Listing nearby access points
You can view the SSID, frequency, channel and other details of the access points around you with the following command (run it as root, otherwise you may only get the results of the last scan rather than a fresh one):
iwlist scan
Changing adapter to monitor mode
First, find out which adapters are available on your system:
iwconfig
Then you can see what your adapter supports with the following command:
iw list
If the word monitor is not listed under ‘Supported interface modes’ in that output, your adapter (or its driver) doesn’t support it. If it is listed, you can enable it the following way. The interface must be down while its mode is changed, so bring it down first and back up afterwards:
iwconfig wlan0 mode monitor
If you get an ‘Operation not supported’ error, your adapter doesn’t support monitor mode. If you get ‘Invalid argument’ (or the mode silently stays ‘Managed’), it is usually a driver problem. You may have to compile a custom kernel module: https://github.com/mfruba/kernel or manually enable monitor mode: https://raspberrypi.stackexchange.com/questions/36747/enable-monitoring-mode-for-rtl8188cus-via-usb-on-raspbian
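The steps above, as one script that checks the ‘iw list’ output for monitor support before switching, using the newer ip/iw tools instead of iwconfig. This is an added example and not code from the original page. It assumes the interface is called wlan0 (pass another name as the first argument), that iw and ip are installed, and that the ‘iw list’ excerpt embedded below (constructed for the offline check) matches the layout iw prints on your system.

```shell
#!/bin/sh
# Added example (not from the original page): detect monitor-mode support
# and switch an interface into it with ip(8) and iw(8).
# Assumptions: interface name given as $1 (e.g. wlan0); iw and ip installed.
set -eu

# Return 0 if an "iw list" dump (read from stdin) lists "monitor" under
# "Supported interface modes:". Reading stdin lets it be checked offline.
supports_monitor() {
    awk '
        /Supported interface modes:/ { inmodes = 1; next }
        inmodes && /^[[:space:]]*\*/ { if ($2 == "monitor") found = 1; next }
        inmodes && !/^[[:space:]]*\*/ { inmodes = 0 }
        END { exit found ? 0 : 1 }
    '
}

# Switch to monitor mode. The interface has to be down while the type is
# changed; most drivers answer "Device or resource busy" otherwise.
enable_monitor() {
    ifname="$1"
    ip link set "$ifname" down
    iw dev "$ifname" set type monitor
    ip link set "$ifname" up
    # Verify the driver really accepted the change.
    iw dev "$ifname" info | grep -q 'type monitor'
}

# Return the interface to managed mode so wpa_supplicant/NetworkManager
# can use it again.
disable_monitor() {
    ifname="$1"
    ip link set "$ifname" down
    iw dev "$ifname" set type managed
    ip link set "$ifname" up
}

# Constructed excerpt of "iw list" output for the offline check
# (assumption: the bullet layout printed by iw 5.x; real dumps are longer).
SAMPLE_IW_LIST='Wiphy phy0
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * monitor
		 * P2P-client
	Band 1:'

# Only touch hardware when an interface name is given on the command line.
if [ -n "${1:-}" ]; then
    if iw list | supports_monitor; then
        enable_monitor "$1"
        echo "$1 is now in monitor mode"
    else
        echo "no monitor support found in iw list output" >&2
        exit 1
    fi
fi
```

Run it as root with the interface name (‘sh monitor.sh wlan0’); call disable_monitor afterwards to hand the card back to the system. A dump that lists monitor support passes supports_monitor; one that lists only managed and AP does not.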
Changing MAC address
To change your MAC address, you need the macchanger package:
apt-get install macchanger
Bring the wireless interface down, set the new address with the macchanger command, then bring the interface back up. A MAC address is six octets, so for example:
ifconfig wlan0 down
macchanger -m 00:11:22:33:44:55 wlan0
ifconfig wlan0 up
You can specify -r to get a random address instead:
macchanger -r wlan0
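The same change done with validation, as an added example that is not part of the original page. It checks that an address is six hex octets and not a multicast address (low bit of the first octet set), generates a random locally administered unicast address the way macchanger -r does without -b, and applies it with ip(8) so it works even where macchanger is not installed. The interface name is assumed to be passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the original page): validate, generate and apply
# a MAC address. Assumptions: ip(8) installed, interface name given as $1.
set -eu

# Return 0 if $1 is a well-formed unicast MAC: six colon-separated hex
# octets whose first octet has the multicast (I/G) bit clear.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    first=$(printf '%s' "$1" | cut -d: -f1)
    # Bit 0 of the first octet set means multicast; unusable as a source.
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# Print a random MAC with the locally administered (U/L) bit set and the
# multicast bit clear, i.e. a valid address that no vendor has issued.
random_mac() {
    bytes=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    hex=$(printf '%.2s' "$bytes")
    b0=$(( (0x$hex | 0x02) & 0xfe ))
    rest=$(printf '%s' "$bytes" | cut -c3- | sed 's/../&:/g; s/:$//')
    printf '%02x:%s\n' "$b0" "$rest"
}

# Apply $2 to interface $1. The link must be down while the address changes;
# afterwards confirm the kernel reports the new address.
set_mac() {
    ifname="$1"; mac="$2"
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    ip link set "$ifname" down
    ip link set "$ifname" address "$mac"
    ip link set "$ifname" up
    ip -o link show "$ifname" | grep -qi "link/ether $mac"
}

# Only touch hardware when an interface name is given on the command line.
if [ -n "${1:-}" ]; then
    new=$(random_mac)
    set_mac "$1" "$new" && echo "$1 now uses $new"
fi
```

Note that NetworkManager may overwrite the address again when it brings the interface up for a connection, and macchanger -p restores the adapter’s permanent address when you are done.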
Scanning nearby connections
To scan nearby airwaves, you need airodump-ng, which ships in the ‘aircrack-ng’ package:
apt-get install aircrack-ng
Make sure the adapter is in monitor mode. The suite can do this itself with the ‘start’ subcommand of airmon-ng, which on recent versions creates a separate monitor interface named wlan0mon; that is the name used below. Then start scanning with:
airodump-ng wlan0mon
This lists every access point it can hear (BSSID, channel, encryption, ESSID) and every associated or probing client, hopping across channels by default. It summarises frames; it does not show their contents.
You can restrict the command to a single channel, which also stops the channel hopping so nothing on that channel is missed. For example, this only shows traffic on channel 3:
airodump-ng wlan0mon -c 3
To only view open (unencrypted) networks, such as free hotel Wi-Fi, add the --encrypt filter:
airodump-ng wlan0mon -c 3 --encrypt OPN
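The same open-network filter applied after the fact, as an added example rather than code from the original page: airodump-ng is run for a fixed time writing a CSV file, and the file is then parsed to list open access points with their channel. It assumes wlan0mon is already in monitor mode, that timeout(1) from coreutils and the aircrack-ng suite are installed, and that the CSV column order is the one airodump-ng 1.x writes (the sample embedded below is constructed in that layout).

```shell
#!/bin/sh
# Added example (not from the original page): timed airodump-ng scan to CSV,
# then list open (OPN) access points from the file.
# Assumptions: monitor interface wlan0mon, coreutils timeout, airodump-ng
# CSV layout: BSSID, First time seen, Last time seen, channel, Speed,
# Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP,
# ID-length, ESSID, Key
set -eu

# Print "channel<TAB>BSSID<TAB>ESSID" for every OPN access point in an
# airodump-ng CSV read from stdin. Stops when the station table begins.
# Caveat: an ESSID containing a comma will shift the columns.
list_open_aps() {
    awk -F',' '
        /^Station MAC/ { exit }
        /^BSSID/ { inaps = 1; next }
        inaps && NF >= 14 {
            for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i)
            if ($6 == "OPN") printf "%s\t%s\t%s\n", $4, $1, $14
        }
    '
}

# Run airodump-ng for $2 seconds (default 30) writing CSV only, then parse
# the newest output file. airodump-ng numbers its files prefix-01.csv,
# prefix-02.csv, ... so the last name in sorted order is the latest run.
scan_for_open_aps() {
    ifname="$1"; seconds="${2:-30}"; prefix="${3:-scan}"
    timeout "$seconds" airodump-ng --output-format csv --write-interval 1 \
        -w "$prefix" "$ifname" >/dev/null 2>&1 || true
    latest=$(ls -1 "$prefix"-*.csv | tail -n 1)
    list_open_aps < "$latest"
}

# Constructed sample in the airodump-ng CSV layout (not a real capture).
SAMPLE_CSV='
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-05-01 10:00:00, 2024-05-01 10:00:30,  6,  54, WPA2, CCMP, PSK, -41,   12,    0,   0.  0.  0.  0,   8, HomeNet1,
AA:BB:CC:00:00:02, 2024-05-01 10:00:01, 2024-05-01 10:00:30,  3, 130, OPN,  ,   , -55,    9,    0,   0.  0.  0.  0,  10, Hotel-Free,
AA:BB:CC:00:00:03, 2024-05-01 10:00:02, 2024-05-01 10:00:29, 11,  54, WEP, WEP,  , -70,    4,    0,   0.  0.  0.  0,   6, OldCam,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2024-05-01 10:00:05, 2024-05-01 10:00:28, -60,        3, AA:BB:CC:00:00:02, Hotel-Free
'

# Only run a live scan when an interface name is given on the command line.
if [ -n "${1:-}" ]; then
    scan_for_open_aps "$1" "${2:-30}"
fi
```

Run as root with ‘sh openaps.sh wlan0mon 20’ for a 20 second scan; without arguments the functions are defined only. On the constructed sample only Hotel-Free on channel 3 is reported.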
Capturing packets
You can see what is going on between your host and the network with tshark, the command-line version of Wireshark. Install it, then run it by specifying the interface:
apt-get install tshark
tshark -i wlan0
On a normal (managed) interface you only see frames addressed to your own host plus broadcast and multicast traffic. On a monitor-mode interface you see every 802.11 frame on the current channel, from every network in range. The payloads of WPA/WPA2 networks stay encrypted unless you give tshark the passphrase and it has captured the 4-way handshake, so protocol-level filters such as the one below only match on open networks or on decrypted captures.
You can also restrict what kind of traffic you want to see with a display filter. For example, to keep only HTTP:
tshark -i wlan0mon -Y http
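A worked use of tshark in monitor mode that does not depend on decryption, as an added example that is not code from the original page: probe requests are management frames sent in the clear by clients looking for networks they know, so they can be captured with a BPF capture filter, reduced to client address and SSID with -T fields, and summarised per client. The function for the WPA2-PSK case shows the preference syntax tshark uses for decryption on a network you own. It assumes wlan0mon is in monitor mode; the sample field output below is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): list which SSIDs nearby
# clients probe for, using tshark on a monitor-mode interface.
# Assumptions: interface wlan0mon in monitor mode, tshark installed.
set -eu

# Capture $2 probe-request frames (default 50) and print "client<TAB>SSID"
# per frame. -f is a BPF capture filter (802.11 management frames, subtype
# probe-req); -T fields/-e pick the columns; -l flushes each line.
capture_probes() {
    ifname="$1"; count="${2:-50}"
    tshark -i "$ifname" -l -c "$count" -f 'type mgt subtype probe-req' \
        -T fields -e wlan.sa -e wlan.ssid
}

# Summarise "client<TAB>SSID" lines into one line per client listing the
# distinct SSIDs it asked for. Wildcard probes carry an empty SSID and are
# skipped. Output is sorted so it is stable.
summarize_probes() {
    awk -F "$(printf '\t')" '
        NF >= 2 && $2 != "" && !seen[$1 SUBSEP $2]++ {
            ssids[$1] = (ssids[$1] == "" ? $2 : ssids[$1] "," $2)
        }
        END { for (m in ssids) printf "%s\t%s\n", m, ssids[m] }
    ' | sort
}

# HTTP on a WPA2-PSK network you own: lock the interface to the network
# channel, hand tshark the passphrase and SSID, and filter for http. Frames
# are only decrypted for clients whose 4-way handshake tshark has seen.
http_on_psk_network() {
    ifname="$1"; ssid="$2"; pass="$3"; channel="$4"
    iw dev "$ifname" set channel "$channel"
    tshark -i "$ifname" -o wlan.enable_decryption:TRUE \
        -o "uat:80211_keys:\"wpa-pwd\",\"$pass:$ssid\"" -Y http
}

# Constructed sample of capture_probes output (not a real capture).
SAMPLE_PROBES="$(printf '%s\t%s\n' \
    'de:ad:be:ef:00:01' 'HomeNet1' \
    'de:ad:be:ef:00:01' '' \
    'de:ad:be:ef:00:02' 'Hotel-Free' \
    'de:ad:be:ef:00:01' 'CoffeeShop' \
    'de:ad:be:ef:00:01' 'HomeNet1')"

# Only capture live when an interface name is given on the command line.
if [ -n "${1:-}" ]; then
    capture_probes "$1" "${2:-50}" | summarize_probes
fi
```

Run as root with ‘sh probes.sh wlan0mon 100’. Each summary line is a client address followed by the networks it announced it knows, which is also why randomised MAC addresses and suppressed directed probes matter for client privacy.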