Scan nearby devices

Hi Guys,
I have an OpenWrt router and am trying to scan nearby devices even when the devices are not connected with the router/access point. Any ideas on how to do it?

You can capture probe requests that devices send periodically using a monitor interface and tcpdump.

Check this article for reference

Hi, do I need to set my AP in monitor mode to do it? I have encountered an error "IEEE802_11 is not one of the DLTs supported by this device" when running the command.

Hi, I managed to make it work, but the interface/AP needs to be in monitor mode. I need to do a passive scan of all the devices near my AP.

Monitor mode is passive, what is wrong with it?

Sorry for the confusion, to be clear I'm trying to do this "passive tracking"(?) while in AP mode.
I'm trying to get the IP address, MAC address, etc. of those devices.

What kind of router do you have? I wish this is nothing bad you are trying to do.
Anyway, the best tool for that kind of purpose is hcxdumptool.

This is for a project only :) and data will be analyzed. I have a TP-Link router ArcherC20 AC750.
Do you have any links or tutorials that might be useful?

So, you need the info about devices not connected to your AP (including the IP address, which IP address?), but you cannot / do not want to use monitor mode... seems impossible to me.

From my understanding he wants to try to hear probe requests and then make a fake AP to find devices with buggy wpa_supplicant, so he can get the WPA2 password in clear text, or passwords in general.
That is the only thing from a non-connected device.

Actually I just want to see how many devices are around my AP, then get their details like IP address and MAC address. Not their password.

Only for known devices.

And what is a "known device"? Sorry, but it's not clear to me what you are trying to do...

Sorry, uhm, it's the devices that were earlier connected with my AP, then for example they turned off their wifi. I've read that our mobile devices still send probe requests. I'm trying to capture those along with the MAC address, IP, etc.
Hope that was clear, it's very complex or I just don't know how to properly explain it lol :) please bear with me.

You can COUNT near-by devices, in case they are not associated with the AP, using monitor mode.
I emphasize COUNT, as the MACs of most of the devices are spoofed, then.
This is also valid for "known devices" (in your terms). However, there is a strong possibility that such "known devices" associate to the AP, in which case the real MAC can be obtained.

I did such stuff for a few commercial projects.
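An added example, not part of any post in this thread: randomized addresses set the locally administered bit (0x02 of the first octet), so source MACs taken from captured probe requests can be split into stable and randomized groups, which gives only a lower and an upper bound on the device count. The function names and the sample addresses are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}")

def parse_mac(text):
    """Return the MAC as 6 bytes, or None if the text is not a MAC address."""
    text = text.strip().lower()
    if not MAC_RE.fullmatch(text):
        return None
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def is_randomized(mac):
    """Locally administered bit set: not a vendor-assigned (burned-in) address."""
    return bool(mac[0] & 0x02)

def summarize(source_macs):
    """Count distinct stable and randomized source addresses and bound the device count."""
    stable, randomized = set(), set()
    for text in source_macs:
        mac = parse_mac(text)
        if mac is None or mac[0] & 0x01:  # skip junk and group (multicast/broadcast) addresses
            continue
        (randomized if is_randomized(mac) else stable).add(mac)
    return {
        "stable": len(stable),
        "randomized": len(randomized),
        # Lower bound: every randomized address may belong to a device already
        # counted by its stable address, or to one single device that rotates.
        "min_devices": max(len(stable), min(1, len(randomized))),
        # Upper bound: every distinct address is a different device.
        "max_devices": len(stable) + len(randomized),
    }

# Constructed sample of source addresses, as if extracted from a capture.
SAMPLE = [
    "00:11:22:33:44:55",
    "00-11-22-33-44-55",   # same address, different notation
    "00:aa:bb:cc:dd:ee",
    "da:a1:19:00:00:01",   # 0xda has bit 0x02 set: randomized
    "f2:9e:44:00:00:02",   # randomized
    "06:11:22:00:00:03",   # randomized
    "ff:ff:ff:ff:ff:ff",   # broadcast, never a source device
    "not-a-mac",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```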

opkg update
opkg install aircrack-ng
create a monitor interface via luci
airodump-ng wlan0 -w prova
that's all

If you want to use the AP interface at the same time:
create a monitor interface via luci
now the name of your monitor interface will be wlan0-1
so start your AP via luci and change the name of your monitor interface in the airodump command.
airodump-ng wlan0-1 -w prova

If a device is not connected to any wifi network you cannot get any IP address with passive radio scanning.

Also, AP mode and monitor mode on the same radio can be done only on a single channel.

Hi, do you have any tutorials or links that might help me on doing this?

Never used airodump as others have recommended but tcpdump can get most of what you need. The man page can help you to set a filter to get what you need.

If you are intending to use this along with personal data, be aware of the General Data Protection Regulation or equivalent regulations in your country.

Sorry, but you can not expect to get details about commercial projects just for free.