Usage

Enabling the monitor mode

To be able to sniff the probe requests, your Wi-Fi network interface must be set to monitor mode.

With ip and iw

sudo ip link set <wireless interface> down
sudo iw <wireless interface> set monitor control
sudo ip link set <wireless interface> up

For example:

sudo ip link set wlan0 down
sudo iw wlan0 set monitor control
sudo ip link set wlan0 up

With ifconfig and iwconfig

sudo ifconfig <wireless interface> down
sudo iwconfig <wireless interface> mode monitor
sudo ifconfig <wireless interface> up

For example:

sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up

With airmon-ng from aircrack-ng

To kill all the interfering processes:

sudo airmon-ng check kill

To enable the monitor mode:

sudo airmon-ng start <wireless interface>

For example:

sudo airmon-ng start wlan0
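
Whichever method is used, it is worth confirming that the interface really is in monitor mode before starting a capture, and under which name, since airmon-ng may create a renamed interface such as wlan0mon. The following check is an added example, not part of probequest or its documentation: the function names are hypothetical and the sample iw dev output is constructed.

```shell
# Print the name of every interface that `iw dev` reports as type monitor.
# Reads `iw dev` output on stdin and writes one interface name per line.
monitor_ifaces() {
    awk '
        $1 == "Interface" { name = $2 }
        $1 ~ /^Unnamed/   { name = "" }   # non-netdev entries carry no name
        $1 == "type" && $2 == "monitor" && name != "" { print name }
    '
}

# Succeed only if interface $1 is in monitor mode according to stdin.
is_monitor() {
    monitor_ifaces | grep -Fxq -- "$1"
}

# Constructed sample of `iw dev` output (not captured from a real host):
# wlan1 is still managed, wlan0 was renamed to wlan0mon in monitor mode.
sample_iw_dev() {
    cat <<'EOF'
phy#1
    Interface wlan1
        ifindex 4
        addr 02:00:00:00:01:00
        type managed
        txpower 20.00 dBm
phy#0
    Interface wlan0mon
        ifindex 5
        addr 02:00:00:00:00:00
        type monitor
        channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
EOF
}

# Live check against the real system: check_monitor <wireless interface>
check_monitor() {
    if iw dev | is_monitor "$1"; then
        echo "$1 is in monitor mode"
    else
        found=$(iw dev | monitor_ifaces | tr '\n' ' ')
        echo "$1 is not in monitor mode; monitor interfaces: ${found:-none}" >&2
        return 1
    fi
}

# Demonstration on the constructed sample.
sample_iw_dev | monitor_ifaces
```

The name reported here is the one to pass to probequest as the interface argument.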

Command line arguments

Toolkit for Playing with Wi-Fi Probe Requests

usage: probequest [-h] [--debug] [--fake] [--ignore-case] [-o OUTPUT_FILE]
                  [--version] [-e ESSID [ESSID ...] | -r REGEX]
                  [--exclude STATION [STATION ...] | -s STATION [STATION ...]]
                  interface

Positional Arguments

interface

wireless interface to use (must be in monitor mode)

Named Arguments

--debug

debug mode

Default: False

--fake

display only fake ESSIDs

Default: False

--ignore-case

ignore case distinctions in the regex pattern (default: false)

Default: False

-o, --output

output file to save the captured data (CSV format)

--version

show program’s version number and exit

-e, --essid

ESSID of the APs to filter (space-separated list)

-r, --regex

regex to filter the ESSIDs

--exclude

MAC addresses of the stations to exclude (space-separated list)

-s, --station

MAC addresses of the stations to filter (space-separated list)

Example of use

sudo probequest wlan0

Here is a sample output:

[Image: probequest output example]