Modern routers are more than just internet sharing devices; they're powerful computing systems capable of much more than just standard packet routing. Many enthusiasts and system administrators wonder how to turn a regular access point into a fully-fledged router. WiFi radar To analyze the airwaves, search for hidden networks, and diagnose interference. This is possible by installing specialized software that puts the wireless adapter into monitoring mode.
Radar, in the context of wireless networks, involves passively listening in on the air and collecting the headers of packets sent by devices. Unlike active scanning, which reveals your presence, this approach allows you to remain invisible to others. OpenWrt And DD-WRT are the most popular operating systems that allow this functionality to be implemented on consumer hardware by providing access to low-level network card drivers.
Before beginning an experiment, it's important to understand the responsibility. Using the data obtained to hack other people's networks or violate privacy is illegal. However, using this knowledge to audit your own security, find rogue APs (unauthorized access points) in the office, or analyze channel noise levels is a completely legal and useful skill for any network engineer.
Theoretical principles of WiFi radar operation
The basis for turning a router into a radar is switching the network interface to the so-called monitor modeIn normal operation, the WiFi adapter filters packets, accepting only those addressed to it or broadcast messages. Monitor mode disables this filtering, allowing the device to capture absolutely all traffic traveling on the selected frequency, regardless of the recipient's SSID or MAC address.
The key element here is the driver's support for the technology. Packet Injection (packet injection). While injection isn't always necessary for passive radar, it's essential for active security testing and network interoperability. Not all chipsets are capable of this: solutions based on Atheros and some models Ralink, while modern chips Broadcom often have closed proprietary drivers that limit functionality.
⚠️ Warning: Switching to monitor mode may temporarily interrupt your internet connection, as the network card will no longer function as a client or access point in the traditional sense.
An antenna is also critical for effective radar operation. Standard router antennas often have low gain and an omnidirectional pattern. For long-range network detection, experts recommend connecting external high-gain antennas or directional "waveguide" antennas, which allow for signal detection at significantly greater distances.
Selecting hardware and chipset compatibility
Not every router is suitable for creating a full-fledged radar. The main selection criteria are the presence of a USB port for connecting an external WiFi adapter or an integrated chipset with open-source drivers. The integrated WiFi modules of many modern routers operate via an interface. USB or PCIe, but their drivers are often cut by the manufacturer.
The most reliable option is to use routers that support OpenWrt and connect an external USB WiFi adapter specifically designed for pentesting. Chip-based adapters are the leading choice here. Atheros AR9271, Ralink RT3070 And Realtek RTL8812AUThese chipsets have excellent support in the Linux kernel and allow easy activation of monitor mode via command-line utilities.
When choosing hardware, it's worth paying attention to frequency band support. Older radars only operate in the 2.4 GHz band, which is currently insufficient due to high noise levels. Modern solutions must support this range. 5 GHz and standards 802.11ac or 802.11axto cover the full range of possible threats and sources of interference.
Below is a table of compatibility of popular chipsets with the functions required to create a WiFi radar:
| Chipset | Monitor mode | Package injection | Range | Difficulty of setup |
|---|---|---|---|---|
| Atheros AR9271 | Supported | Stable | 2.4 GHz | Low |
| Ralink RT3070 | Supported | Stable | 2.4 GHz | Low |
| Realtek RTL8812AU | Supported | Requires patches | 2.4/5 GHz | Average |
| Broadcom BCM43xx | Limited | Unstable | 2.4/5 GHz | High |
Installing the OpenWrt operating system
The manufacturer's default firmware is generally not suitable for turning a router into a traffic analysis tool. It lacks the necessary packages and tools. The optimal solution is to install an operating system. OpenWrt, which is a Linux distribution specifically adapted for embedded devices.
The process begins with finding a suitable build for your router model on the project's official website. Important Download the version that matches the hardware revision of your device, as even minor changes to the board can brick the device. After downloading the firmware image, log in to the router's web interface and use the manual firmware update feature, specifying the path to the downloaded file.
☑️ Preparing for firmware
After successfully installing OpenWrt, you'll be able to access the system via SSH. This allows you to install additional packages. First, you need to update the repository lists and install a basic set of network utilities. Commands are entered in the terminal, requiring minimal Linux command line skills.
⚠️ Warning: Incorrectly flashing your router firmware may void your warranty and cause the device to malfunction. Always check the firmware file hash before installing.
Setting up monitoring and injection mode
After installing the system and connecting a compatible USB WiFi adapter, you need to put the interface into monitoring mode. In Linux, this is done using the utility iw or airmon-ngFirst, you need to determine the name of your wireless interface, which usually looks like wlan0, wlan1 or phy0.
To activate monitor mode, a command is used that stops current processes that interfere with operation and changes the card's operating mode. In OpenWrt, this might look like a sequence of commands that stop network services and start them. iw dev wlan0 set monitor noneAfter this, the interface is renamed, often receiving a suffix mon, which indicates his readiness for passive listening.
What to do if the mode does not turn on?
If the command doesn't work, check whether the driver module is blocked. Sometimes you need to manually load the kernel module using the modprobe command or disable the wpa_supplicant processes that are taking control of the adapter.
To check the radar's functionality, run a channel scan. You should see a list of all networks in range, even those that hide their SSIDs (they will be displayed as hidden). If you see data packets and beacon frames, your WiFi radar is functioning correctly and is ready for more complex analysis tasks.
Using Kismet to analyze wireless space
One of the most powerful programs for turning a router into a radar is KismetKismet is a server-based network discovery system, packet sniffer, and intrusion detection system. Kismet runs in the background, collecting data from all available interfaces in monitor mode and storing it for later analysis.
Kismet's main advantage over simple scanners is its ability to detect networks that don't broadcast packets by analyzing client traffic. The program creates a detailed network map, displaying not only the SSID but also the channel, signal strength, encryption, and a list of connected clients. The data can be viewed through the web interface by connecting to the router from another device.
Setting up Kismet in OpenWrt requires installing the package kismet and its dependencies. Configuration file kismet.conf Allows flexible configuration of data sources, logging rules, and web server parameters. Once the service is launched, Kismet begins collecting data, which can be visualized in real time or analyzed post-factum.
Data visualization and interpretation of results
The collected data itself is just a collection of logs. To turn it into a meaningful picture, visualization tools are needed. Kismet provides a basic web interface, but for in-depth analysis, it is often combined with Wireshark On a PC. Log files (usually in pcap or pcapng format) can be transferred from the router to a computer and opened in Wireshark for detailed packet inspection.
When analyzing radar results, pay attention to the noise floor and signal-to-noise ratio (SNR). High noise levels may indicate the presence of microwave ovens, Bluetooth devices, or nearby powerful transmitters. Radar helps identify "dead zones" and channels most susceptible to interference, which is critical for corporate network planning.
The radar also allows you to identify devices with vulnerable security protocols, such as those using WEP or outdated WPA-TKIPThe discovery of such networks within the corporate perimeter should trigger an immediate response, as they are easy targets for attack.
Legal aspects and ethics of use
Using WiFi radar is a legal gray area in many countries unless certain rules are followed. Passive eavesdropping (sniffing) is not a crime in most jurisdictions, as radio waves propagate in public spaces. However, attempting to decode encrypted traffic without the network owner's permission or connecting to someone else's network is considered a computer crime.
Information security specialists use such tools exclusively as part of an agreed audit (Pentest) or to diagnose their own networks. Ethical hacker Always obtain written permission from the infrastructure owner to carry out work. Using radar to collect data on neighbors or competitors is prohibited and may result in legal liability.
⚠️ Please note: Telecommunications legislation is changing. Before beginning work, ensure that your actions comply with local communications and personal data protection laws.
FAQ: Frequently Asked Questions
Is it possible to make a WiFi radar without installing OpenWrt?
Theoretically, it's possible if the router's default Linux firmware supports scripts or has built-in diagnostics (as in some Keenetic or Mikrotik models). However, the functionality will be severely limited compared to a fully-fledged Kismet on OpenWrt. For serious work, installing an alternative OS is necessary.
What is the range of a homemade WiFi radar?
The range depends not on the router, but on the antenna. With the standard antenna, it's 50-100 meters in a line of sight. With a directional antenna, the range can reach several kilometers. Receiver sensitivity also plays a role, but the law of signal decay remains.
Will the radar slow down my internet?
If you use a separate USB adapter for the radar, it won't affect your primary internet speed. However, if you put your router's primary WiFi card into monitor mode, WiFi internet sharing will stop, as the card won't be able to simultaneously broadcast and monitor the airwaves on the same frequency channel.
Is it safe to keep Kismet running all the time?
Yes, it's safe for your hardware. Kismet uses minimal CPU resources. However, constantly writing logs can quickly fill up your router's flash memory. We recommend setting up log rotation or uploading data to an external server or USB drive.