Capture WiFi / WLAN / 802.11 Probe Request with tcpdump

A Probe Request is a special type of WLAN frame sent by a terminal device (for example, your smartphone) to ask all nearby APs to announce their presence. [..]

The blog post moved:

HERE Capture WiFi / WLAN / 802.11 Probe Request with tcpdump 

 

 


Posted on May 25, 2013, in Uncategorized. 8 Comments.

  1. Dear critak, I am trying to capture 802.11 packets on my Android, but the tcpdump that I have returns the error “Syntax Error.” I am wondering which tcpdump file you used. I would be so glad if you could reply to me. Thank you,

    • Hey!
      I used tcpdump version 4.3.0 and
      libpcap version 1.3.0. Did you try to call one of my sample commands or your own? Sometimes you need to add quotes (e.g. -W “port 1234”) to not run into a syntax error.

  2. I was running this and it seems that I am getting probe requests from the access points, not from cell phones. Is this command still correct? I am looking to capture the MAC addresses of nearby cellphones. I would like to see information such as cellphone MAC address, whether they are connected to an AP (and the SSID they are connected to) and signal strength in terms of RSS. Is this possible?

    • Probe Requests are made by the terminal device (e.g. smartphone). Beacons are made by the access point. What makes you think you receive beacons? You can try to remove the filter for Probe resp. By the way, a probe request can be addressed to a certain SSID OR to all access points. Look up your phone's MAC address and scan for access points to generate some probe requests.

  3. Hi! Is there an option inside tcpdump to generate graphs like the one in the picture from the end of the article ("Number of Probe Request over time for a Nexus 4")?

  4. Hi critak, I use your command on my Android phone but it gives the following error.

    tcpdump: 802.11 link-layer types supported only on 802.11

    How can I resolve this error? Thank you for your answer.

    • Without further investigation I could imagine that the version is different. Another option could be that you used the wrong interface (en0, en1, wlan0, wlan1,…). And the error message also sounds like it tries to use an interface that is not 802.11. Is this possible? On Android I expect not many interfaces.

      Here is the man-doc: http://www.unix.com/man-page/all/7/pcap-filter/
