1

I'm trying to dump all of the beacons received by the wifi adapter into a CSV file, so that I can monitor the RSSI (Power) over time. The man page states that the flag --beacons will output all beacons to the capture file, but this doesn't seem to be the case.

 -e, --beacons
          It will record all beacons into the cap file. By default it only records one beacon for each network.

The command airodump-ng --beacons -w scan wlan0 produces a file scan-04.csv containing:

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
EC:08:6B:45:86:62, 2020-03-27 19:55:43, 2020-03-27 19:55:48,  2,  54, WPA2WPA , CCMP,PSK, -59,       42,        6,   0.  0.  0.  0,  12, TP-LINK_8662,
EC:43:F6:68:C0:B8, 2020-03-27 19:55:43, 2020-03-27 19:55:48,  1,  54, WPA , CCMP TKIP,PSK, -37,       40,        0,   0.  0.  0.  0,   8, TestAP_1,

Any advice on how to dump each beacon with the power level / RSSI to a file?

IeuanG
  • 13
  • 4
  • Are you sure the command has enough time to run to detect all the beacons? How many beacons are there really in your range? – kurcze Apr 04 '20 at 23:19

1 Answers1

1

You could try redirecting stderr and then filtering the output; selecting only the lines with at least a mac address (but excluding those with 2 mac addresses, which correspond to clients), something along this line:

airodump-ng --beacons mon0 2>&1 | grep -Eo "^.{30}" | grep -Eo "(([0-9A-Fa-f:]{17})\s+([0-9\-]+))"

Output:

enter image description here

BUT... it would be much better to use a tool like tshark (part of wireshark), which is designed to this kind of task:

tshark -i mon0 -n -l subtype probereq
dariox
  • 136
  • 4