1

I'm trying to dump all of the beacons received by the wifi adapter into a CSV file, so that I can monitor the RSSI (Power) over time. The man page states that the flag --beacons will output all beacons to the capture file, but this doesn't seem to be the case.

 -e, --beacons
          It will record all beacons into the cap file. By default it only records one beacon for each network.

The command airodump-ng --beacons -w scan wlan0 produces a file scan-04.csv containing:

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
EC:08:6B:45:86:62, 2020-03-27 19:55:43, 2020-03-27 19:55:48,  2,  54, WPA2WPA , CCMP,PSK, -59,       42,        6,   0.  0.  0.  0,  12, TP-LINK_8662,
EC:43:F6:68:C0:B8, 2020-03-27 19:55:43, 2020-03-27 19:55:48,  1,  54, WPA , CCMP TKIP,PSK, -37,       40,        0,   0.  0.  0.  0,   8, TestAP_1,

Any advice on how to dump each beacon with the power level / RSSI to a file?

Improve this question
1
  • Are you sure the command has enough time to run to detect all the beacons? How many beacons are there really in your range? Commented Apr 4, 2020 at 23:19

1 Answer 1

Reset to default
1

You could try redirecting stderr and then filtering the output; selecting only the lines with at least a mac address (but excluding those with 2 mac addresses, which correspond to clients), something along this line:

airodump-ng --beacons mon0 2>&1 | grep -Eo "^.{30}" | grep -Eo "(([0-9A-Fa-f:]{17})\s+([0-9\-]+))"

Output:

enter image description here

BUT... it would be much better to use a tool like tshark (part of wireshark), which is designed to this kind of task:

tshark -i mon0 -n -l subtype probereq
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.