BryceThomas

I am trying to launch tcpdump on boot by editing the rc.local script through the Pineapple web interface. I am doing this because I want to be able to simply plug the Pineapple in and have it start collecting packets. My rc.local script is as follows: wifi hostapd_cli -p /var/run/hostapd-phy0 karma_disable #Don't touch anything above this line CAPTURE_DIRECTORY="/usb/" CAPTURE_DIRECTORY_DISK_USAGE=$(du -s $CAPTURE_DIRECTORY | awk '{print $1}') TCPDUMP_FILE_PREFIX=${CAPTURE_DIRECTORY}${CAPTURE_DIRECTORY_DISK_USAGE}$(echo ".pcap") airmon-ng stop mon0.wlan0 airmon-ng start wlan0 tcpdump -i mon0 -n -C 10 -w $TCPDUMP_FILE_PREFIX #Add your commands above this exit 0 This is not working. In the logs I see this: 00:01:01 Pineapple user.info sysinit: /etc/rc.local: line 10: tcpdump: not found I take it this means tcpdump is not yet available at the time the boot script runs (I have run tcpdump from ssh OK). Can anyone suggest a way around this, or some other way I can achieve effectively the same outcome of capturing packets in monitor mode on boot?

Same problem here. I believe it's recognized as an issue by SanDisk http://forums.sandisk.com/t5/All-SanDisk-USB-Flash-Drives/SanDisk-Cruzer-Blade-16GB-write-protected-error/td-p/253484/page/7 .

Thanks for your help guys. While I have airodump-ng working, I don't believe it has the option to split the captured packets into files of size x, the way you can using the "-C" option with tcpdump. What I've experimented with is: ssh root@172.16.42.1 airmon-ng stop mon0.wlan0 airmon-ng start wlan0 tcpdump -i mon0 -w /usb/targetdumpfile.pcap This *does* seem to capture packets from clients which *aren't* connected (which I want). For example, I see probe requests to other ESSIDs in the packet capture file. *However*, there seems to be substantial packet drops: root@Pineapple:~# tcpdump -i mon0 -w /usb/mytcpdump.pcap tcpdump: WARNING: mon0: no IPv4 address assigned tcpdump: listening on mon0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes ^C3150 packets captured 3542 packets received by filter 379 packets dropped by kernel Any idea why ~10% of packets would be getting dropped?

In my last post I asked about using the Wi-Fi Pineapple as a passive monitor mode device. airodump-ng was suggested and I've managed to get some packet capture working with it, to a USB drive. However, there are a few things airodump-ng won't do that tshark will, and so I would like to install tshark onto my Wi-Fi Pineapple if possible. I have tried executing opkg install --dest usb tshark but get Unknown package 'tshark'. Collected errors: * opkg_install_cmd: Cannot install package tshark. I am guessing this means tshark is not one of the standard packages available in the opkg repository. Is there any other way I can get tshark installed on my Wi-Fi Pineapple? Cheers, Bryce.

I apologize if this is either a n00b question or in the wrong place, though I have done some looking and have not found the information I am after. I am interested to know whether the Pineapple can be used as a passive monitor mode device to simply collect packets over the air in its vicinity. The current solution I am using is a Macbook Pro laptop with Backtrack 5 installed on it, hooked up to an ALFA AWUS036H Wi-Fi adapter. I put the ALFA into monitor mode using airmon-ng and then collect packets using Wireshark. The problem with this is that it's not particularly portable and not cheap to replicate (I'd like to have several identical setups). My questions regarding the Pineapple are: - Does it go into monitor mode (not simply promiscuous mode)? - Does it support capturing to some form of mass storage (USB drive would be fine)? - If monitor mode is supported, is it supported on the internal Wi-Fi chip, or only on a USB Wi-Fi adapter? - Does the Pineapple support the ALFA AWUS036H, or only the AWUS036NHA in the HakShop? - Is a USB battery pack sufficient to power the Pineapple, USB Wi-Fi card (e.g. an ALFA) and USB storage drive combined? I *do not* require a GUI for packet capture, and in fact I would prefer a terminal command. Again I apologize if these are n00b questions. I have found much information about using the Pineapple for various hacks, but little in regards to using it as a passive monitoring device.