802.11ax Remote Packet Captures using the Jetson Nano

This solution lets you perform remote 802.11ax packet captures from your own laptop using the Jetson Nano.
The benefit of using the Jetson Nano (with the Intel AX200 Wi-Fi card) for 802.11ax packet capture is that you get a lot more information in the RadioTap header.
The benefit of doing it remotely is that you never need to interact directly with the Jetson Nano OS (no need for a keyboard, screen, or mouse).

To make it work, I received help from a couple of talented guys:

They pretty much found the solutions, I was just the one implementing it 😉

HARDWARE REQUIREMENTS

Here is the equipment you need to make it work:

INITIAL SETUP OF THE JETSON NANO

Here is what you need to do on the Jetson Nano right after you have loaded the image on the SD card and created your username:
# Update & upgrade Ubuntu
sudo apt-get update -y
sudo apt-get upgrade -y

# Build and install the iwlwifi drivers (backport tree)
git clone --single-branch --branch release/core45 https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git
cd backport-iwlwifi/
make defconfig-iwlwifi-public
sed -i 's/CPTCFG_IWLMVM_VENDOR_CMDS=y/# CPTCFG_IWLMVM_VENDOR_CMDS is not set/' .config
make -j4
sudo make install

# Install the Intel 802.11ax firmware for Linux
git clone https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware.git --branch iwlwifi-fw-2019-07-20 --single-branch
cd linux-firmware/
sudo cp iwlwifi-cc-a0-48.ucode /lib/firmware

# Install Wireshark (development version)
sudo add-apt-repository ppa:wireshark-dev/stable
sudo add-apt-repository ppa:dreibh/ppa
sudo apt update
sudo apt -y install wireshark
sudo apt -y install wireshark-qt

# Install aircrack-ng
sudo apt -y install aircrack-ng

# Install tcpdump
sudo apt -y install tcpdump

# Allow the user to run tcpdump over an SSH connection (remote connection):
# only members of the pcap group may execute the binary, and the binary
# carries just the capabilities it needs to capture
sudo groupadd pcap
sudo usermod -a -G pcap $USER
sudo chgrp pcap /usr/sbin/tcpdump
sudo chmod 750 /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
# Log out and back in so the new group membership takes effect

INITIAL WIRESHARK CONFIGURATIONS (ON YOUR LAPTOP)

Then you need to configure Wireshark to do the following:

  1. Establish an SSH connection between your laptop and the Jetson Nano
  2. Run a tcpdump remotely on the Jetson Nano
  3. Stream the packets back to your laptop

Thankfully for us, Wireshark has a plugin you can install to make it work. It is called SSHdump. You need to make sure that it is checked when you install Wireshark (Under the “Tool” section) (especially when you install Wireshark on Windows).

CAPTURE TIME!

When you are ready to perform the packet capture, first SSH into your Jetson Nano and set the Wi-Fi card into monitor mode on the proper channel, using the proper channel width:
# Set the wlan0 interface to monitor mode on the proper channel (e.g. 100 here)
sudo airmon-ng start wlan0 100

# OPTIONAL: Set the channel width to 40 MHz
sudo iw dev wlan0mon set freq 5500 HT40+

# OPTIONAL: Set the channel width to 80 MHz
sudo iw dev wlan0mon set freq 5500 80MHz
Then you can open Wireshark. In the interface list, look for “SSH remote capture: sshdump” and click on the settings gear to modify its settings:
Under the server tab, enter the IP address of the Jetson Nano and enter “22” as the port (since we are using the default SSH port here):
Under the Authentication tab, enter the username and password to connect to your Jetson Nano.
Note: You will have to re-enter your password every time you want to do a packet capture.
Under the “Capture” tab, enter the following command in the “Remote capture command” field: /usr/sbin/tcpdump -i wlan0mon -U -w - (the final argument is a plain ASCII hyphen, which makes tcpdump write the capture to standard output). Make sure that you also check the “Use sudo on the remote machine” check box:
Then you can click on “Start” and it will start capturing packets and streaming them back to your Wireshark session.
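To confirm that a capture made this way really carries the extra 802.11ax information in the RadioTap header, the following added example (not part of the original post) counts the frames whose radiotap header announces the HE field. It assumes the capture is in classic pcap format; the function names and the sample bytes are constructed for illustration.

```python
import struct

LINKTYPE_RADIOTAP = 127      # LINKTYPE_IEEE802_11_RADIOTAP
HE_BIT = 23                  # radiotap "present" bit for the HE (802.11ax) field
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond pcap
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond pcap


def has_he_field(frame: bytes) -> bool:
    """True if the frame's radiotap header announces the HE field."""
    if len(frame) < 8:
        raise ValueError("truncated radiotap header")
    # Radiotap is always little-endian: version, pad, it_len, first present word.
    version, _pad, it_len, present = struct.unpack_from("<BBHI", frame)
    if version != 0 or not 8 <= it_len <= len(frame):
        raise ValueError("malformed radiotap header")
    return bool(present & (1 << HE_BIT))


def count_he_frames(pcap: bytes) -> tuple:
    """Return (total_frames, he_frames) for a classic pcap byte string."""
    endian = MAGICS.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", pcap, 20)[0] & 0xFFFF
    if linktype != LINKTYPE_RADIOTAP:
        raise ValueError("link type %d is not radiotap" % linktype)
    total = he = 0
    offset = 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, offset + 8)[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break                      # final record cut short; ignore it
        total += 1
        he += has_he_field(frame)
        offset += 16 + incl_len
    return total, he


def sample_pcap() -> bytes:
    """Constructed two-frame capture: one HE frame, one legacy frame."""
    he = struct.pack("<BBHI", 0, 0, 20, 1 << HE_BIT) + bytes(12) + b"\x80\x00"
    legacy = struct.pack("<BBHI", 0, 0, 9, 1 << 2) + b"\x0c" + b"\x80\x00"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    for frame in (he, legacy):
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Wireshark saves pcapng by default, so save the capture as classic pcap before passing its bytes to `count_he_frames`. A link type other than radiotap usually means the interface was not in monitor mode when the capture started.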

ADDITIONAL RESOURCES

Here are additional resources you can visit to get more details:
