802.11ax Remote Packet Captures using the Jetson Nano
This solution will allow you to perform remote 802.11ax packet capture from your own laptop using the Jetson Nano.
The benefit of using the Jetson Nano (and the Intel AX200 Wi-Fi card) to perform 802.11ax packet capture is that you get a lot more information in the RadioTap Header you get.
The benefit of doing it remotely is that you never need to directly interact with the Jetson Nano OS (no need for keyboards, screens nor mouses)
They pretty much found the solutions, I was just the one implementing it 😉
INITIAL SETUP OF THE JETSON NANO
// Update & Upgrade Ubuntu sudo apt-get update -y sudo apt-get upgrade -y // Install the iwlwifi drivers git clone --single-branch --branch release/core45 https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git cd backport-iwlwifi/ make defconfig-iwlwifi-public sed -i 's/CPTCFG_IWLMVM_VENDOR_CMDS=y/# CPTCFG_IWLMVM_VENDOR_CMDS is not set/' .config make -j4 sudo make install // Install the Intel 802.11ax drivers for linux git clone https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware.git --branch iwlwifi-fw-2019-07-20 --single-branch cd linux-firmware/ sudo cp iwlwifi-cc-a0-48.ucode /lib/firmware // Install Wireshark (development version) sudo add-apt-repository ppa:wireshark-dev/stable sudo add-apt-repository ppa:dreibh/ppa sudo apt update sudo apt -y install wireshark sudo apt -y install wireshark-qt // Install aircrack-ng sudo apt -y install aircrack-ng // Install tcmpdump sudo apt -y intall tcpdump // Allow the user to be able to use tcmpdump over an SSH connection (remote connection) sudo groupadd pcap sudo usermod -a -G pcap $USER sudo chgrp pcap /usr/sbin/tcpdump sudo chmod 750 /usr/sbin/tcpdump sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
INITIAL WIRESHARK CONFIGURATIONS (ON YOUR LAPTOP)
Then you need to configure Wireshark to do the following:
- Establish a SSH connection between your laptop and the Jetson Nano
- Run a tcpdump remotely on the Jetson Nano
- Stream the packets back to your laptop
Thankfully for us, Wireshark has a plugin you can install to make it work. It is called SSHdump. You need to make sure that it is checked when you install Wireshark (Under the “Tool” section) (especially when you install Wireshark on Windows).
// Set the wlan0 interface to be used in monitor mode on the proper channel (Ex: 100 here) sudo airmon-ng start wlan0 100 // OPTIONAL: Set the channel width to be 40MHz sudo iw dev wlan0mon set freq 5500 HT40+ //OPTIONAL: Set the channel width to be 80MHZ sudo iw dev wlan0mon set freq 5500 80MHz
Note: You will have to re-enter your password every time you want to do a packet capture.
Here are additional resources you can visit to get more details:
- Remote Wireless Capturing with a Jetson Nano from Gjermund Raaen: https://gjermundraaen.com/2019/10/01/remote-wireless-capturing-with-a-jetson-nano/
- Capturing 802.11ax with jetson nano from Gjermund Raaen: https://gjermundraaen.com/2019/09/25/capturing-802-11ax-with-jetson-nano/
- Using the WLAN Pi to scan for networks in WiFi Explorer Pro from Adrian Granados: https://www.adriangranados.com/blog/wlanpi-as-a-sensor
- You too can have a sub-$200 802.11ax client from John Kilpatrick: http://wifi.hypergeek.net/you-too-can-have-a-sub-200-11ax-client/
- How to setup Wi-Fi 6 sniffer Wireshark in Ubuntu from Tiger Lee: https://wifilogic.wordpress.com/2019/09/21/how-to-setup-wifi6-sniffer-in-ubuntu/
- The State of Wi-Fi 6 in Practise (WLPC EU Presentation): https://www.cleartosend.net/wp-content/uploads/2019/10/Wi-Fi6_in_the_real_world_wlpc_prague_2019.pdf