Airtool Pi allows you to perform remote Wi-Fi packet captures from your iPhone or iPad using Linux-based sensors. Airtool Pi is Airtool 2’s little brother. Both Airtool Pi and Airtool 2 use the same components for connecting and capturing Wi-Fi traffic from a remote sensor, so you can use the same sensors that Airtool 2 supports today with Airtool Pi.

As active contributors to the WLAN Pi project, we’ve ensured that Airtool Pi works out-of-the-box with the WLAN Pi Pro and older versions of the WLAN Pi. Airtool Pi also takes advantage of the Wi-Fi 6E capabilities of the WLAN Pi Pro, allowing you to capture Wi-Fi traffic from 6 GHz wireless networks. Nevertheless, we’ve also designed Airtool Pi to work with other single-board computers, including the Raspberry Pi.

Capturing Wi-Fi packets using Airtool Pi is very simple. Add a sensor by providing the hostname or IP address. Then, specify the Wi-Fi interface, frequency band, channel, and channel width and tap Capture. Airtool Pi will take care of the rest. Airtool Pi saves packet captures locally on your iPhone or iPad. You can share the packet captures using AirDrop or email, or save them to your iCloud Drive for later analysis using Wireshark or your favorite protocol analyzer.

Additionally, you can configure Airtool Pi to limit the size of the packet captures or to discard the data frame payloads (also known as packet slicing) to save space or protect the users’ privacy.

Build your own remote sensors

To use any Linux box as a remote sensor with Airtool Pi, you must ensure the device allows SSH access using password authentication (Airtool Pi doesn’t support passwordless authentication at the moment). Also, for a Linux device to work as a remote sensor, you must ensure the following utilities are installed:

  • airmon-ng (aircrack-ng) – if needed by the Wi-Fi adapter to use monitor mode
  • ifconfig (net-tools)
  • ip (iproute2)
  • iw (wireless-tools)
  • iwconfig (wireless-tools)
  • tcpdump
  • wpa_cli (wpasupplicant)

The SSH user must have permission to run these utilities using sudo without entering a password. You can configure passwordless sudo for only these utilities by creating a file under the /etc/sudoers.d/ directory called, for example, wlandump, with the following contents (paths can vary between Linux distributions):

Where myusername is the username for SSH access. Then, make the file not writable:

The utilities listed in the wlandump file can now be executed with sudo permissions without entering a password.
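
The two steps above as a shell script, added here as an example and not the page's original listing: it builds the wlandump rule from the absolute paths found on the sensor, syntax-checks it with visudo, and installs it read-only. The function names, the `--install` switch and the conservative username pattern are assumptions.

```shell
#!/bin/sh
# Added example, not the page's original listing. The --install switch and
# the single-rule layout are assumptions; "myusername" is the page's name.
LC_ALL=C   # make the [a-z] ranges below byte-exact

UTILS="airmon-ng ifconfig ip iw iwconfig tcpdump wpa_cli"

# Print one sudoers rule granting passwordless sudo for only the listed
# utilities that are installed, using the absolute paths on this system.
render_wlandump() {
    user=$1
    # Accept only a plain account name (conservative pattern), so the value
    # cannot carry extra sudoers syntax such as commas, spaces or "ALL".
    case $user in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "invalid username" >&2; return 1 ;;
    esac
    cmds=
    for u in $UTILS; do
        p=$(command -v "$u" 2>/dev/null) || continue
        case $p in /*) ;; *) continue ;; esac   # ignore aliases/functions
        cmds="${cmds:+$cmds, }$p"
    done
    [ -n "$cmds" ] || { echo "no listed utility found" >&2; return 1; }
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmds"
}

# Syntax-check the rule with visudo before it goes live, then install it
# root-owned and read-only (0440) as /etc/sudoers.d/wlandump.
install_wlandump() {
    tmp=$(mktemp) || return 1
    if render_wlandump "$1" > "$tmp" && visudo -cf "$tmp" &&
        install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/wlandump
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Run as root: sh wlandump.sh --install myusername
if [ "${1:-}" = "--install" ]; then
    install_wlandump "${2:-}"
fi
```

Utilities that are not installed are left out of the rule, so rerun the script after adding a package such as aircrack-ng.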

You will also need a Wi-Fi adapter that supports monitor mode (monitor mode lets us sniff Wi-Fi traffic, which we require for capturing). Airtool Pi will automatically choose the first wireless interface to do the capture, but you can also specify the interface name you wish to use when starting the remote capture.

We hope you find Airtool Pi helpful. Airtool Pi is available on the App Store for any iPhone and iPad running iOS 14.1 or higher.