Has anyone gotten wireshark to capture data packets from a monitor mode interface on a raspberry pi?
I have tried this on a pi 3b and a pi 4. I am using kali which supposedly comes with nexmon. I use the aircrack utility (airmon-ng start wlan0) and this creates a monitor mode interface. I try to monitor that interface and I don't see anything but beacons and spanning tree stuff. I have already run airmon-ng check kill to be sure that there are no processes stopping me from setting the channel.
I am sure that there is traffic on the nets. I have tried using WPA and open nets. I am running wireshark as root.
Other tools I have run (kismet) seem to identify the nearby nets from beacons but there is no evidence they see data packets that are non-broadcast (like a long ping). This mirrors what I have seen on wireshark.
I'm getting frustrated. I bought a pi 3b because I couldn't find an official statement of support for the pi 4. I see no difference in what I see.
If anyone has gotten it to work, can you tell me what you did? If I have to start over with a different distribution I will.
No answer, but nexmon says it does have support for RPi 4; their website has non-simple instructions for installation.
I have a pi device:
I followed the instructions @grahamb pointed out (https://github.com/seemoo-lab/nexmon) and have no issue picking up the traffic I expect, including data and QoS-data traffic. I am getting uni-, multi-, and broadcast traffic with a radiotap header but I see that the header is wrong in decoding (at least) HT frames. Packet capture sees them (1SS/20MHz is all I have running) but it shows the datarate as 0. I can't change channels, either, or haven't figured it out.
I note that the instructions have specific steps that I had to follow to make it work; see the section under Using the Monitor Mode patch. When I set this up 'the old way', i.e. manually with iw / iwconfig / ifconfig / etc., it didn't work well ...
OK, I have dug through the stuff on kali; they claim to have the nexmon stuff pre-installed, and their 64-bit image claims nexmon and support for raspberry pi 4....
I agree that, given the diagnosis I've done, this is unlikely to be a wireshark problem. I thought it might be at first. However, I'm new on the kali forums and supposedly am being moderated, but no one is approving posts. I asked here out of frustration, because if no one had gotten this working I was going to try something else.
At this point, my next step is to try usage instructions and then, perhaps, to grab a distribution other than kali and to install nexmon into it from scratch, or to reinstall nexmon into kali, messing with options as needed.
I need to trap a small amount of traffic, once or twice. I'm just ...
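A quick way to quantify the symptom discussed in this thread (only beacons, no unicast data) is to tally 802.11 frame types in a monitor-mode capture and note whether each radiotap header carries a legacy Rate field or an HT MCS field. This is an added example, not code from any poster or from the nexmon project; it assumes each frame is the raw bytes of a radiotap-prefixed packet (link type IEEE802_11_RADIOTAP), and the sample frames and helper names are constructed for illustration.

```python
import struct
from collections import Counter

TYPES = {0: "management", 1: "control", 2: "data"}
RT_RATE, RT_MCS = 1 << 2, 1 << 19  # radiotap "present" bits: legacy Rate, HT MCS

def classify(frame: bytes):
    """Return (type, subtype, rate_kind) for one radiotap-prefixed 802.11 frame."""
    if len(frame) < 8:
        raise ValueError("shorter than a radiotap header")
    version, _pad, rt_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or rt_len < 8 or rt_len + 2 > len(frame):
        raise ValueError("bad radiotap header")
    fc0 = frame[rt_len]  # first Frame Control byte follows the radiotap header
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if present & RT_MCS:
        rate_kind = "mcs"      # HT frame: rate is expressed as an MCS index
    elif present & RT_RATE:
        rate_kind = "legacy"   # rate given in 500 kbps units
    else:
        rate_kind = "none"     # driver supplied no rate information
    return TYPES.get(ftype, "extension"), subtype, rate_kind

def summarize(frames):
    """Count beacons separately from other management, control and data frames."""
    counts = Counter()
    for f in frames:
        try:
            t, st, _ = classify(f)
        except ValueError:
            counts["malformed"] += 1
            continue
        counts["beacon" if (t, st) == ("management", 8) else t] += 1
    return counts

# Constructed sample frames (not taken from a real capture).
def _rt(present, fields=b""):
    return struct.pack("<BBHI", 0, 0, 8 + len(fields), present) + fields

BEACON = _rt(RT_RATE, b"\x02") + bytes([0x80, 0x00]) + bytes(22)
QOS_DATA = _rt(RT_MCS, b"\x07\x00\x07") + bytes([0x88, 0x01]) + bytes(24)
ACK = _rt(0) + bytes([0xD4, 0x00]) + bytes(8)

if __name__ == "__main__":
    print(summarize([BEACON, BEACON, QOS_DATA, ACK]))
```

A capture whose summary shows beacons but a zero or missing "data" count matches what the original question describes.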