Alta Help Center

Using your Alta Labs Access Point as a WiFi Sniffer

Anthony Lopez

Alta Labs APs include the tcpdump utility, nc (netcat), and support for monitor-mode interfaces. Together these let you capture the raw 802.11 frames a radio sees, in real time, on a remote machine running Wireshark, which makes debugging difficult WiFi situations a breeze.

You will need to use SSH or the debug terminal to perform these steps. SSH is recommended: it is more reliable and does not lose the connection when a browser tab is deprioritized or closed.

For more information on SSH, see the separate SSH help article. To open a debug terminal to an AP, switch to the “Network” tab and shift-click on the name of your AP.

Access Point Preparation

Now, identify which “phy” you want to monitor. A “phy” is a physical WiFi radio. A monitor-mode interface created on a phy receives every 802.11 frame (management, control and data) on the channel that radio is currently using, including frames from and to other APs and clients, rather than only the traffic bridged to the wired side.

You can use the following command to list all of the properties of each radio:

iw phy

WiFi phy names that are typically used for the AP6, AP6-Pro, AP6-Pro-Outdoor, and AP6W (confirm with the output of iw phy, which lists the supported frequencies under each phy):

2 GHz PHY: phy0
5 GHz PHY: phy1

For example, to create a monitor-mode interface on the 5 GHz radio of the AP6-Pro, and then bring it up, issue the following commands:

iw phy phy1 interface add mon0 type monitor
ifconfig mon0 up

Client Machine Preparation

To start analyzing packets, run the following command on the client machine (for Mac and Linux; see below for Windows instructions and more details if needed):

nc -l -p 3333 | wireshark -k -i -

(3333 can be replaced with any other unused port between 1024 and 65535; ports below 1024 would require running the listener as root.)

This starts a TCP listener on port 3333 and feeds everything it receives to Wireshark's standard input. Make sure your computer's firewall allows inbound connections to this port. Note that nc accepts a connection from any host that can reach the port and the capture stream is neither encrypted nor authenticated, so start the listener only when you are about to capture, stop it when you are done, and do this on a network you trust.

Send Traffic from AP to Client

On the AP, run the following:

tcpdump -n -s 0 -i mon0 -U -w - | nc 192.168.1.10 3333

Replace 192.168.1.10 with the IP address of your computer. The flags mean: -n skips name resolution, -s 0 captures each frame in full, -i mon0 selects the monitor interface, -U writes each packet as soon as it is captured (so Wireshark updates live instead of in bursts), and -w - sends the pcap stream to standard output, which nc carries to your computer.

You will then see a real-time flow of frames as seen by the AP. Keep in mind that the connection between the AP and your computer must be fast enough to carry the capture; a busy channel can produce a lot of data. Connect your computer over Ethernet rather than through the radio you are monitoring: if the computer is a wireless client on that radio, the capture stream itself is transmitted on the air, captured again by mon0, and the capture keeps growing until the link is saturated.

Stopping Capture

When finished, press ctrl-c on the AP to stop tcpdump. The nc listener on your computer exits when the AP closes the connection, and Wireshark keeps the captured frames loaded so you can save or analyze them. Then delete the monitor-mode interface with the following command on the AP:

iw dev mon0 del
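The nc listener in the procedure above accepts a connection from any host that can reach the port and hands whatever arrives straight to Wireshark. The following Python script is an added example, not Alta Labs code and not part of the original article. It stands in for nc -l -p 3333 on the client: it accepts a connection only from the AP's address (the 192.168.1.1 in the usage line is a placeholder for your AP's IP, and the file name pcap_receiver.py is assumed), checks that the bytes really start with a pcap global header, reports the link type so you can see at once whether you are getting raw 802.11 frames (radiotap, DLT 127) rather than Ethernet frames from the wrong interface, and then streams the data to Wireshark or to a file. The address check is a sanity filter, not authentication; the stream is still plaintext on the LAN. loopback_demo() exercises the receiver offline on a constructed two-record pcap.

```python
"""Peer-restricted pcap receiver for the client side: an added example, not
Alta Labs code. It stands in for `nc -l -p 3333`: it accepts a TCP connection
only from the AP's address, checks that the bytes really start with a pcap
global header, prints the link type on stderr (127 = radiotap means raw 802.11
frames from mon0) and streams the data to a file or to stdout for Wireshark.
Port, AP address and script name below are placeholders:
    python3 pcap_receiver.py 3333 192.168.1.1 - | wireshark -k -i -
"""
import io
import socket
import struct
import sys
import threading

# magic as read big-endian from the first 4 bytes -> (writer byte order, timestamp unit)
PCAP_MAGIC = {0xA1B2C3D4: (">", "us"), 0xD4C3B2A1: ("<", "us"),
              0xA1B23C4D: (">", "ns"), 0x4D3CB2A1: ("<", "ns")}
# libpcap DLT values you may see from a WiFi radio
DLT_NAMES = {1: "EN10MB", 105: "IEEE802_11", 119: "PRISM_HEADER",
             127: "IEEE802_11_RADIOTAP", 163: "IEEE802_11_AVS"}


def parse_pcap_global_header(hdr: bytes) -> dict:
    """Validate a 24-byte pcap global header and decode the fields we care about."""
    if len(hdr) < 24:
        raise ValueError("short read: %d bytes, a pcap header is 24" % len(hdr))
    magic = struct.unpack(">I", hdr[:4])[0]
    if magic not in PCAP_MAGIC:
        raise ValueError("stream does not start with a pcap header (got %08x)" % magic)
    endian, resolution = PCAP_MAGIC[magic]
    vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", hdr[4:24])
    linktype &= 0xFFFF  # newer writers keep FCS-length flags in the upper bits
    return {"version": (vmaj, vmin), "resolution": resolution, "snaplen": snaplen,
            "linktype": linktype, "linktype_name": DLT_NAMES.get(linktype, "DLT_%d" % linktype)}


def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes (fewer only if the peer closes early)."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def serve_once(listener: socket.socket, allowed_ip: str, out) -> dict:
    """Accept one capture from allowed_ip, copy it to `out` until EOF, return its header."""
    while True:
        conn, peer = listener.accept()
        if peer[0] != allowed_ip:  # not the AP: close unread and keep waiting
            sys.stderr.write("rejected connection from %s:%d\n" % peer[:2])
            conn.close()
            continue
        with conn:
            hdr = recv_exact(conn, 24)
            info = parse_pcap_global_header(hdr)  # raises if this is not a pcap stream
            sys.stderr.write("capture from %s: %s, snaplen %d\n"
                             % (peer[0], info["linktype_name"], info["snaplen"]))
            out.write(hdr)
            # tcpdump -U on the AP sends each packet as soon as it is seen; flush per
            # chunk so Wireshark's live view stays current. Loop ends when the AP closes.
            for chunk in iter(lambda: conn.recv(65536), b""):
                out.write(chunk)
                out.flush()
            out.flush()
            return info


def loopback_demo() -> dict:
    """Self-test over loopback with a constructed (not captured) two-record
    radiotap pcap, written little-endian as tcpdump on the AP would write it."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 127)
    frame = struct.pack("<BBHI", 0, 0, 8, 0)  # minimal 8-byte radiotap header, no fields
    record = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame)) + frame
    sample = header + record + record
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    sink, result = io.BytesIO(), {}
    t = threading.Thread(target=lambda: result.update(serve_once(listener, "127.0.0.1", sink)))
    t.start()
    with socket.create_connection(listener.getsockname()) as c:
        c.sendall(sample)
    t.join(5)
    listener.close()
    return {"header": result, "received": sink.getvalue(), "sample": sample}


def main(argv):
    if len(argv) != 4:
        sys.exit("usage: %s PORT AP_IP OUTFILE|-" % argv[0])
    listener = socket.socket()
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("", int(argv[1])))
    listener.listen(1)
    out = sys.stdout.buffer if argv[3] == "-" else open(argv[3], "wb")
    try:
        serve_once(listener, argv[2], out)
    finally:
        if out is not sys.stdout.buffer:
            out.close()


if __name__ == "__main__":
    main(sys.argv)
```

If the reported link type is EN10MB (1) rather than IEEE802_11_RADIOTAP (127), tcpdump on the AP was started on a bridge or Ethernet interface instead of mon0. Writing to a file instead of stdout gives you a pcap you can open later with wireshark -r or share with support.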

Client Machine Preparation Details

The client system must have netcat or ncat installed, as well as Wireshark. Potential caveats and instructions for each operating system follow.

Linux

Most desktop Linux distributions ship with netcat installed by default. If nc is not present on your system, it is available in all the common package managers. On Debian/Ubuntu and derivatives it can be installed with (as root or via sudo):

apt install netcat-openbsd

Wireshark is also available in common package managers. It can be installed on Debian/Ubuntu based systems with:

apt install wireshark

After installing netcat and Wireshark, the exact command above can be used to open the capture stream in Wireshark:

nc -l -p 3333 | wireshark -k -i -

MacOS

The netcat included with macOS takes different arguments from the most common Linux netcat (the listening port is given without -p). The wireshark command on macOS is often an alias for an open command, so Wireshark's own options must be passed after --args. After installing Wireshark, you can run the following:

nc -l 3333 | wireshark --args -k -i -

Windows

Rather than netcat, on Windows you will want to use nmap’s ncat. It is obtained by installing nmap from its downloads page; after installing nmap, ncat is available. Wireshark must also be installed, from the Wireshark website. Once both are installed, open a command prompt and run the following:

ncat -l 3333 | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

If Wireshark does not display anything, the Windows firewall is likely blocking the inbound connection from the AP to the client; allow the port (or ncat) in Windows Defender Firewall and start the capture again.