3 votes

I was given a project to count the number of Wi-Fi devices in a room and my research led me to getting a TL-MR3020 and installing OpenWRT on it.

I can set up mon0 in Monitor Mode just fine:

airmon-ng start wlan0 

Interface   Chipset     Driver

wlan0       Atheros     ath9k - [phy0]
                (monitor mode enabled on mon0)

which allows me to use scapy and sniff for Probe Requests on the mon0 interface and stay connected to the internet (in Client/Station/Managed mode) on the wlan0 interface to send the results to my server.

The problem I'm running into is that my sniffing is only occurring on a single channel rather than hopping from channel to channel. I've learned that because the two interfaces share the same radio they must both be on the same channel frequency and that channel is dictated by whatever Access Point wlan0 is connected to.

I can verify that when I disconnect from the AP, channel hopping works just fine:

airmon-ng stop wlan0
airodump-ng mon0

What is a good strategy for scanning the entire network spectrum while being able to report my results?


1 Answer

3 votes

What is a good strategy for scanning the entire network spectrum while being able to report my results?

  1. Use a machine with two Wi-Fi adapters. Keep one of them on the channel for your Wi-Fi network, and use it for communications; do channel scanning with the other one, running it in monitor mode.
  2. Scan the networks and save the results in memory; when you're finished with the scan, switch to the channel for your Wi-Fi network, join the network, and report the results then.
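The second strategy (scan in monitor mode, hold results in memory, rejoin the AP, report once) as an added example, not code from the question or the answer above. Real capture on the MR3020 needs root plus scapy and `iw`; here the retune and capture steps are injected callables so the collection and dedup logic runs offline against a constructed trace (all MACs and RSSI values are made up).

```python
"""Channel-hop in monitor mode, collect probe-request senders, build one report."""
from collections import defaultdict

CHANNELS_2G = list(range(1, 12))  # 2.4 GHz channels 1..11 (assumption: US regdomain)

def is_locally_administered(mac):
    """Bit 1 of the first octet set => locally administered (often a randomised
    probe-request MAC); such addresses need not map one-to-one to devices."""
    return int(mac.split(":")[0], 16) & 0x02 != 0

def scan_cycle(set_channel, capture, channels=CHANNELS_2G, dwell=2):
    """Dwell on each channel and record every probe-request source per channel.
    set_channel(ch): retune mon0 (real code: `iw dev mon0 set channel <ch>`).
    capture(dwell): list of (src_mac, rssi) seen during the dwell
    (real code: scapy sniff(iface='mon0', timeout=dwell), keep Dot11ProbeReq)."""
    seen = defaultdict(set)  # mac -> channels it was heard on
    for ch in channels:
        set_channel(ch)
        for mac, _rssi in capture(dwell):
            seen[mac.lower()].add(ch)
    return seen

def build_report(seen):
    """Deduplicate across channels: a device probing on several channels counts once."""
    macs = sorted(seen)
    return {
        "unique_devices": len(macs),
        "randomised_macs": sum(1 for m in macs if is_locally_administered(m)),
        "devices": {m: sorted(seen[m]) for m in macs},
    }

# Constructed trace: what the fake radio "hears" on each channel (hypothetical values).
TRACE = {
    1: [("A8:BB:CC:00:00:01", -40), ("a8:bb:cc:00:00:01", -42)],
    6: [("A8:BB:CC:00:00:01", -55), ("DC:AD:BE:EF:00:02", -60)],
    11: [("02:11:22:33:44:55", -70)],
}

def demo_scan():
    current = {"ch": None}
    def set_channel(ch): current["ch"] = ch
    def capture(_dwell): return TRACE.get(current["ch"], [])
    return build_report(scan_cycle(set_channel, capture))

if __name__ == "__main__":
    # Only after the scan completes would real code rejoin the AP on wlan0 and POST this.
    print(demo_scan())
```

Because the whole dwell loop finishes before any network reporting, wlan0 never has to leave the AP's channel mid-scan; the cost is that the report is delayed by one full sweep.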