I was given a project to count the number of Wi-Fi devices in a room and my research led me to getting a TL-MR3020 and installing OpenWRT on it.
I can set up mon0 in Monitor Mode just fine:

    airmon-ng start wlan0

    Interface   Chipset     Driver
    wlan0       Atheros     ath9k - [phy0]
                (monitor mode enabled on mon0)

which allows me to use scapy and sniff for Probe Requests on the mon0 interface and stay connected to the internet (in Client/Station/Managed mode) on the wlan0 interface to send the results to my server.
The problem I'm running into is that my sniffing is only occurring on a single channel rather than hopping from channel to channel. I've learned that because the two interfaces share the same radio they must both be on the same channel frequency and that channel is dictated by whatever Access Point wlan0 is connected to.
I can verify that when I disconnect from the AP that channel hopping works just fine:

    airmon-ng stop wlan0
    airodump-ng mon0

What is a good strategy for scanning the entire network spectrum while being able to report my results?
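
Added example, not part of the original post: one way to turn raw frames captured on mon0 into a device count without scapy, assuming each captured frame begins with a radiotap header. The function names and sample frames are constructed for illustration; source addresses with the locally administered bit set (typically randomized by the client) are tallied separately because they inflate a head count.

```python
import struct

def probe_source(frame: bytes):
    """Return the transmitter MAC of a radiotap-wrapped probe request, else None."""
    if len(frame) < 4 or frame[0] != 0:             # radiotap version must be 0
        return None
    rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap length, little-endian
    if rt_len < 8 or len(frame) < rt_len + 24:      # need a full 802.11 mgmt header
        return None
    # Frame Control byte 0 == 0x40: version 0, type 0 (management), subtype 4.
    if frame[rt_len] != 0x40:
        return None
    return frame[rt_len + 10:rt_len + 16]           # Address 2 = transmitter

def locally_administered(mac: bytes) -> bool:
    """Bit 1 of the first octet marks a non-burned-in (often randomized) MAC."""
    return bool(mac[0] & 0x02)

def count_devices(frames):
    """Count unique probe-request senders, split by address type."""
    burned_in, local = set(), set()
    for frame in frames:
        mac = probe_source(frame)
        if mac is not None:
            (local if locally_administered(mac) else burned_in).add(mac)
    return {"burned_in": len(burned_in), "locally_administered": len(local)}

def _sample(fc0: int, src: str) -> bytes:
    """Build a constructed frame: 8-byte radiotap header + 24-byte 802.11 header."""
    radiotap = bytes([0, 0, 8, 0, 0, 0, 0, 0])
    bcast = b"\xff" * 6
    return radiotap + bytes([fc0, 0, 0, 0]) + bcast + bytes.fromhex(src) + bcast + b"\x00\x00"

# Constructed sample capture (not real traffic).
SAMPLE_FRAMES = [
    _sample(0x40, "001122334455"),   # probe request, burned-in address
    _sample(0x40, "001122334455"),   # same device again: not counted twice
    _sample(0x40, "daa119000001"),   # probe request, locally administered
    _sample(0x40, "020000000002"),   # probe request, locally administered
    _sample(0x80, "00aabbccddee"),   # beacon: ignored
    bytes([0, 0, 8, 0]),             # truncated frame: ignored
]

if __name__ == "__main__":
    print(count_devices(SAMPLE_FRAMES))
```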