Capturing wireless network packets with tcpdump on Linux


  1. Put the wireless card into monitor mode
    iw wlan0 interface add mon0 type monitor
    ifconfig mon0 up
    By default, a card that is switched to monitor mode automatically falls back to managed mode,
    so create a second (virtual) interface and set that one to monitor mode instead.
  2. Check the result with iwconfig
docker0   no wireless extensions.

wlp6s0    IEEE 802.11  ESSID:"CMCC-EDU"  
          Mode:Managed  Frequency:2.412 GHz  Access Point: 00:11:B5:17:E7:D6   
          Bit Rate=36 Mb/s   Tx-Power=15 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=39/70  Signal level=-71 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:152  Invalid misc:4757   Missed beacon:0

lo        no wireless extensions.

mon0      IEEE 802.11  Mode:Monitor  Tx-Power=15 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
enp9s0    no wireless extensions.

  3. sudo tcpdump -i mon0 -Ine ether src 80:5E:4F:66:1C:BA -c 10000 -w foo.cap
    Capture on the monitor interface, filter on the source MAC address of the card, stop after 10000 frames, and write the output to foo.cap
  4. Open foo.cap in Wireshark
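A small pre-flight check for the procedure above, added here as an example and not part of the original post: it parses `iwconfig` output (the sample is the output quoted above, shortened), confirms the chosen interface really reports Mode:Monitor, validates the MAC filter, and only then builds the tcpdump argument list from step 3. Interface and MAC values are the ones from the post; the function names are my own.

```python
#!/usr/bin/env python3
"""Pre-flight check before a monitor-mode tcpdump capture (added example)."""
import re
import subprocess

# Constructed sample: the iwconfig output quoted in the post, abbreviated.
SAMPLE_IWCONFIG = """\
docker0   no wireless extensions.

wlp6s0    IEEE 802.11  ESSID:"CMCC-EDU"
          Mode:Managed  Frequency:2.412 GHz  Access Point: 00:11:B5:17:E7:D6

lo        no wireless extensions.

mon0      IEEE 802.11  Mode:Monitor  Tx-Power=15 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
"""

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def parse_iwconfig(text):
    """Map interface name -> wireless mode ("Managed", "Monitor", ...).
    Interfaces reporting 'no wireless extensions' are left out."""
    modes, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():  # unindented line starts a block
            name, _, rest = line.partition(" ")
            current = None if "no wireless extensions" in rest else name
            line = rest
        if current is None:
            continue
        m = re.search(r"Mode:(\w+)", line)
        if m:
            modes[current] = m.group(1)
    return modes


def capture_command(iface, src_mac, count, outfile, modes):
    """Build the tcpdump argv from the post, refusing an interface that
    iwconfig does not report as Monitor mode or a malformed MAC filter."""
    if modes.get(iface) != "Monitor":
        raise ValueError(f"{iface} is not in Monitor mode: {modes.get(iface)}")
    if not MAC_RE.match(src_mac):
        raise ValueError(f"bad MAC address: {src_mac}")
    # -I: monitor mode, -n: no name resolution, -e: print link-layer header
    return ["tcpdump", "-i", iface, "-Ine", "ether", "src", src_mac,
            "-c", str(count), "-w", outfile]


if __name__ == "__main__":
    out = subprocess.run(["iwconfig"], capture_output=True, text=True).stdout
    print(capture_command("mon0", "80:5E:4F:66:1C:BA", 10000, "foo.cap",
                          parse_iwconfig(out)))
```

Run it as root on the capture host; it prints the argument list rather than starting tcpdump, so it can be wired into a capture script once the mode check passes.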
