- A Linux kernel with support for the kernel/user netlink socket (CONFIG_NETLINK).
- The linux-wlan-ng package (version 0.1.6) from Absolute Value Systems (ftp.absoval.com/pub/linux-wlan-ng). Newer versions do not support monitor-mode and thus need a new plugin(
- An IEEE 802.11b WLAN NIC based on Intersil's Prism-II chipset. Any adapter supported by the linux-wlan-ng package should work.
1. Become root.
2. Place your WLAN adapter in what is known as monitor mode (for a description of monitor mode, see the linux-wlan-ng sources). You do this by using the command
wlanctl-ng device lnxreq_wlansniff channel=ch enable=true|false
For example, if you want to listen to all traffic on channel three and your WLAN adapter is wlan0, you would issue the command:
wlanctl-ng wlan0 lnxreq_wlansniff channel=3 enable=true
3. Run prismdump with a capture file as the argument, for example:
prismdump test-1.capture
4. Once you are satisfied, press CTRL-C to end your capture session.
5. Open the file "test-1.capture" with Ethereal.
1. If your interface is not configured correctly, prismdump will hang in the recvfrom call and CTRL-C will not work. You must then kill it manually.
2. There seems to be a problem with the kernel-user netlink buffers. They overflow when the WLAN is heavily loaded. This is not a bug in prismdump.