Usage
Enabling the monitor mode
To be able to sniff the probe requests, your Wi-Fi network interface must be set to monitor mode.
With ip and iw
sudo ip link set <wireless interface> down
sudo iw <wireless interface> set monitor control
sudo ip link set <wireless interface> up
For example:
sudo ip link set wlan0 down
sudo iw wlan0 set monitor control
sudo ip link set wlan0 up
With ifconfig and iwconfig
sudo ifconfig <wireless interface> down
sudo iwconfig <wireless interface> mode monitor
sudo ifconfig <wireless interface> up
For example:
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up
With airmon-ng from aircrack-ng
To kill all the interfering processes:
sudo airmon-ng check kill
To enable the monitor mode:
sudo airmon-ng start <wireless interface>
For example:
sudo airmon-ng start wlan0
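A pre-flight check that applies to all three methods above, as an added example that is not part of probequest or its documentation: it reads the `type` line of `iw dev <wireless interface> info` to confirm the interface really is in monitor mode before a capture is started. The function names and both sample outputs are constructed for illustration.

```bash
# Added example, not part of probequest. Function names are hypothetical.
# Print the interface type ("monitor", "managed", ...) found in
# `iw dev <iface> info` output read on stdin; print nothing if absent.
iface_type() {
    awk '$1 == "type" { print $2; exit }'
}

# Succeed only if the `iw dev <iface> info` text on stdin reports monitor mode.
is_monitor() {
    [ "$(iface_type)" = "monitor" ]
}

# Query a live interface. Returns 0 = monitor, 1 = other mode, 2 = query failed.
preflight() {
    _info="$(iw dev "$1" info 2>/dev/null)" || {
        echo "error: cannot query '$1' (missing interface or iw?)" >&2
        return 2
    }
    if printf '%s\n' "$_info" | is_monitor; then
        return 0
    fi
    echo "error: '$1' is in '$(printf '%s\n' "$_info" | iface_type)' mode" >&2
    return 1
}

# Constructed sample outputs (the MAC address is made up).
SAMPLE_MANAGED='Interface wlan0
	ifindex 3
	wdev 0x1
	addr 02:00:00:00:00:01
	type managed
	txpower 20.00 dBm'

SAMPLE_MONITOR='Interface wlan0
	ifindex 3
	wdev 0x1
	addr 02:00:00:00:00:01
	type monitor
	txpower 20.00 dBm'

# Offline demonstration on the constructed samples.
for sample in "$SAMPLE_MANAGED" "$SAMPLE_MONITOR"; do
    if printf '%s\n' "$sample" | is_monitor; then
        echo "monitor mode: ok"
    else
        echo "not in monitor mode: $(printf '%s\n' "$sample" | iface_type)"
    fi
done
```

On a live system this becomes `preflight wlan0 && sudo probequest wlan0`. airmon-ng may expose the monitor interface under a different name than the one passed to it, so check the name it reports.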
Command line arguments
Toolkit for Playing with Wi-Fi Probe Requests
usage: probequest [-h] [--debug] [--fake] [--ignore-case] [-o OUTPUT_FILE]
[--version] [-e ESSID [ESSID ...] | -r REGEX]
[--exclude STATION [STATION ...] | -s STATION [STATION ...]]
interface
Positional Arguments
- interface
wireless interface to use (must be in monitor mode)
Named Arguments
- --debug
debug mode
Default: False
- --fake
display only fake ESSIDs
Default: False
- --ignore-case
ignore case distinctions in the regex pattern (default: false)
Default: False
- -o, --output
output file to save the captured data (CSV format)
- --version
show program’s version number and exit
- -e, --essid
ESSID of the APs to filter (space-separated list)
- -r, --regex
regex to filter the ESSIDs
- --exclude
MAC addresses of the stations to exclude (space-separated list)
- -s, --station
MAC addresses of the stations to filter (space-separated list)
Example of use
sudo probequest wlan0
Here is a sample output: