Airtool Pi allows you to perform remote Wi-Fi packet captures from your iPhone or iPad using Linux-based sensors. Airtool Pi is Airtool 2‘s little brother. Both Airtool Pi and Airtool 2 use the same components for connecting and capturing Wi-Fi traffic from a remote sensor, so you can use the same sensors that Airtool 2 supports today with Airtool Pi.
As active contributors to the WLAN Pi project, we’ve ensured that Airtool Pi works out-of-the-box with the WLAN Pi Pro and older versions of the WLAN Pi. Airtool Pi also takes advantage of the Wi-Fi 6E capabilities of the WLAN Pi Pro, allowing you to capture Wi-Fi traffic from 6 GHz wireless networks. Nevertheless, we’ve also designed Airtool Pi to work with other single-board computers, including the Raspberry Pi.
Capturing Wi-Fi packets using Airtool Pi is very simple. Add a sensor by providing the hostname or IP address. Then, specify the Wi-Fi interface, frequency band, channel, and channel width and tap Capture. Airtool Pi will take care of the rest. Airtool Pi saves packet captures locally on your iPhone or iPad. You can share the packet captures using AirDrop or email, or save them to your iCloud Drive for later analysis using Wireshark or your favorite protocol analyzer.
Additionally, you can configure Airtool Pi to limit the size of the packet captures or whether you want to discard the data frame payloads (also known as packet slicing) to save space or protect the users’ privacy.
Build your own remote sensors
To use any Linux box as a remote sensor with Airtool Pi, you must ensure the device allows SSH access using password authentication (Airtool Pi doesn’t support passwordless authentication at the moment). Also, for a Linux device to work as a remote sensor, you must ensure the following utilities are installed:
- airmon-ng (aircrack-ng) – if needed by the Wi-Fi adapter to use monitor mode
- ifconfig (net-tools)
- ip (iproute2)
- iw (wireless-tools)
- iwconfig (wireless-tools)
- tcpdump
- wpa_cli (wpasupplicant)
The SSH user must have permission to run these utilities using sudo without entering a password. You can configure no passsword sudo for only these utilities by creating a file under the /etc/sudoers.d/ directory called, for example, wlandump, with the following contents (paths can vary between Linux distributions):
Where myusername is the username for SSH access. Then, make the file not writable:
The utilities listed in the wlandump file can now be executed with sudo permissions without entering a password.
You will also need a Wi-Fi adapter that supports monitor mode (monitor mode lets us sniff Wi-Fi traffic, which we require for capturing). Airtool Pi will automatically choose the first wireless interface to do the capture, but you can also specify the interface name you wish to use when starting the remote capture.
We hope you find Airtool Pi helpful. Airtool Pi is available on the App Store for any iPhone and iPad running iOS 14.1 or higher.
[…] All you need is a WLANPi (Neo 2 is what I used; you can build you own as discussed by Adrian here). […]
Do you know of a method to enable a WlanPi (not pro, original black) to collect 6GHz for this tool? I just bought your iOS tool and really want to use 6 GHz somehow. Thanks!
Hi Ryan, you will need a 6 GHz capable USB Wi-Fi adapter such as the Comfast CF-951AX or CF-953AX, but unfortunately, this adapter requires Linux kernel 5.19 or newer plus other tweaks to be able to work on 6 GHz. We haven’t done it, but you may try to build the latest Linux kernel and install it in the original WLAN Pi. I’m not sure what’s involved to do so, though. If you have a Raspberry Pi, you could install the latest WLAN Pi Pro pre-release image, which comes with all you need to scan and capture 6 GHz networks using the CF-951AX or CF-953AX adapters.
That is interesting – I read a thread stating those are 6GHz capable but do not have it listed as such at online stores.
I have a questino for you – I am trying to get it working on my WlanPi (v1.9) and it isn’t working. I’ve tried to initiate command logging but I don’t see what the commands are that are being sent, in order to troubleshoot. Do you have a minimum version required (WlanPi version, dependency versions), or the list of commands the Airtool Pi is sending to help troubleshoot? Many thanks, -Ryan
Hi Ryan, follow the instructions under “Building a sensor” in this help entry for Airtool 2 (same applies to Airtool Pi): https://intuitibits.com/help/airtool2/#/topic-capture-remote_capture
That should do it.