Raspberry Pi Forums

I purchased a couple RPis, rev B and some Edimax EW-7811Un (http://www.edimax.com/en/produce_detail ... &pl2_id=44) USB wireless adapters for a project I am working on. I need to be able to put the interface into monitor mode and sniff some traffic over 802.11. I have wrote my code and tested it on a different target arch (i386). Also, the wireless dongle is working perfectly joining a network as I am currently ssh'd into it over wireless.

However, when I got the code cross-compiling for armv6l, it appears that there isn't full support for putting the device into monitor mode.

I noticed that when I used libpcap and enumerated the supported link types, the only available ones were: DLT_EN10MB and DLT_DOCSIS

I would have hoped there would have been support for DLT_IEEE802_11 and DLT_IEEE802_11_RADIO. I have tried to confirm there is something additionally wrong because I install 'iw' and anything associated with iw gives me the error 'nl80211 not found'.

I verified that I think the drivers are installed right because lsusb fully recognizes the device but when I attempted to install aircrack-ng and use airmon to put it into monitor mode, it sees the device and says that monitor mode is enabled but I never see the new interface when I list them after airmon.

I am seeking any help I can get.

I also forgot to mention I am running the latest Raspbian wheezy.

I think what your looking for is libpcap for the armhf but all I see is development

Hope this helps

http://packages.debian.org/search?keywords=libpcap

If you get it working please post a complete setup for all this thanks.

The problem I don't think is libpcap. I think the problem is the drivers for the wireless USB. I installed wireshark to see if we can even capture 802.11 packets and it doesn't allow monitor mode, so it sounds like something is wrong with the drivers but I am not sure how to find out what.

I have not been able to get my 7811un into monitor mode. I think there will be better luck had with a chipset that has better support.

http://blog.pwnieexpress.com/post/24967 ... -raspberry
http://www.pwnpi.com/

davidstites wrote:The problem I don't think is libpcap. I think the problem is the drivers for the wireless USB. I installed wireshark to see if we can even capture 802.11 packets and it doesn't allow monitor mode, so it sounds like something is wrong with the drivers but I am not sure how to find out what.

tcpdump will listen on wlan0 but it will just output nothing because it is not associated with any access point and nothing is telling it to hop through channels and listen blindly.

Did you ever get this working in the end?

Any updates?

fusiooon wrote:Any updates?

As far as I can tell you can't get RTL8188CUS based WiFi adapters working in monitor mode using the available drivers. However, according to the article PACKET SNIFFING Raspberry Spy Part 1: understanding Wi-Fi networks in The MagPi issue 24, "[Ed: You can tell Kismet the chipset of the Wi-Fi dongle you are using, but by default it will try to determine this automatically. I tested two
dongles. The RT5370 based dongle was successfully discovered but the RTL8188CUS based dongle was not.]", but it is unclear if Kismet was working with an RTL8188CUS based adapter.