I will show how to monitor all WiFi network traffic in the range of your wireless adapter. In a previous post I explained how to get your wireless adapter recognized by a computer running Linux. In the following it is assumed you are running Ubuntu. Other Linux flavors require only obvious changes.
Installing necessary monitoring software
We will need a few software packages. Some of them will be in the Ubuntu package repositories on the web. Ubuntu has a nifty system for getting software packages from these repositories through "apt-get". Only if apt-get cannot find a package will you have to download it from the web yourself. All the programs we need are well-known and can be easily downloaded from the web.
If you download it yourself from the web, only the source code is delivered. In that case you change the current directory into the one containing the downloaded source and compile and install it by running as root (use sudo or a root terminal):
We will need four programs:
Aircrack-ng is a cracking tool originally designed for wireless systems running the WEP protocol and can also be downloaded from the Aircrack web site. Wireshark is an extensive network monitoring package and can be downloaded from the Wireshark website. Installing Wireshark under Ubuntu adds a menu item from which it can be started (in addition to starting it from a terminal).
So go ahead and get and install them. On my Ubuntu installing all four is a question of about two minutes.
Preparing your wireless adapter
Now comes the critical part. Open up a terminal window and run iwconfig.
This will show all network devices, and you should look for the interface name of the wireless adapter you want to use. In my case there are two interfaces: ra0 and wlan0. The interface ra0 is my built-in wireless adapter that cannot be put into monitor mode (at least I could not get it there). The other, wlan0, is my Icidu USB 300N wireless adapter. Now you must trigger monitor mode on this adapter. Type (replace wlan0 with the interface name of your adapter):
airmon-ng start wlan0
In my case the answer of the system is:
Bingo. Somewhere in the answer you must find "monitor mode enabled on" followed by a monitor interface name, likely "mon0". If the answer does not contain the name of a monitor interface, your wireless adapter cannot be set in monitor mode with the present driver. Do not forget to first disconnect the adapter if it was connected to your own access point (your wireless router).
Your wireless adapter is now spitting out frames (collections of packets) it receives from any access point within range. Let us now get the frames to the surface. You can use Wireshark for this. Start Wireshark and start to capture on the interface mon0 (or the appropriate interface name in your case). You will see Wireshark capturing many, many frames. The best frames are the beacon frames. Analyzing a beacon frame of any of your neighbors' wireless signals will tell you many of its properties, including its SSID and all of its encryption methods. It will also tell you whether or not the neighbor has WPS enabled (see previous post). Look for a management frame with the tag Microsoft vendor: WPS. After a few minutes you should stop the Wireshark capture, as the amount of data becomes too large.
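To make the beacon fields above concrete, here is an added example (not code from the original post) that reads the SSID, the advertised encryption and the WPS vendor tag out of a beacon frame body, which is useful for checking what your own access point announces. It assumes the radiotap and 24-byte MAC headers are already stripped; the function names and the sample bytes are constructed for illustration.

```python
import struct

WPS = bytes.fromhex("0050f204")  # vendor OUI 00:50:F2 (Microsoft), type 4 = WPS
WPA = bytes.fromhex("0050f201")  # vendor OUI 00:50:F2 (Microsoft), type 1 = WPA

def parse_beacon_body(body):
    """Summarise a beacon frame body (the bytes after the 24-byte MAC header)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its 12 fixed bytes")
    # Fixed part: timestamp (8 bytes), beacon interval (2), capability info (2).
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body, 0)
    info = {"ssid": None, "privacy": bool(capability & 0x0010),
            "rsn": False, "wpa": False, "wps": False}
    pos = 12
    while pos + 2 <= len(body):          # tagged parameters: id, length, value
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                        # truncated capture: stop, do not guess
        if tag == 0:                     # SSID (empty value means hidden)
            info["ssid"] = value.decode("utf-8", errors="replace")
        elif tag == 48:                  # RSN element (WPA2 and later)
            info["rsn"] = True
        elif tag == 221 and value[:4] == WPS:
            info["wps"] = True
        elif tag == 221 and value[:4] == WPA:
            info["wpa"] = True
        pos += 2 + length
    return info

def encryption(info):
    """Name the protection the beacon advertises."""
    names = [n for n, key in (("RSN", "rsn"), ("WPA", "wpa")) if info[key]]
    if names:
        return "/".join(names)
    return "WEP" if info["privacy"] else "open"

def element(tag, value):
    """Build one tagged parameter (helper for the constructed sample)."""
    return bytes([tag, len(value)]) + value

# Constructed sample body, not a captured frame.
SAMPLE = (struct.pack("<QHH", 0, 100, 0x0411)
          + element(0, b"HomeNet")
          + element(48, bytes.fromhex("0100000fac040100000fac040100000fac020000"))
          + element(221, WPS + bytes.fromhex("104a000110")))

if __name__ == "__main__":
    summary = parse_beacon_body(SAMPLE)
    print(summary, encryption(summary))
```

If the summary for your own router shows wps as True, the access point is advertising WPS and you can turn it off in the router settings.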