How to Make a WiFi Radar: A Complete Guide to Wireless Network Analysis

Create your own WiFi radar — This isn't just a fun experiment for cybersecurity enthusiasts, but also a powerful tool for diagnosing problems in corporate or home networks. Imagine being able to see the invisible: all devices, access points, channels, and even hidden SSIDs within range of your equipment. This turns your laptop or smartphone into a fully-fledged radio frequency spectrum monitoring station.

Unlike standard scanners that only show the networks available for connection, professional radar allows you to intercept control frames, analyze noise levels and identify potential configuration vulnerabilities. For full monitoring of hidden networks (Hidden SSID), it is critical to have an adapter that supports Monitor Mode and packet injection. Without this hardware capability, you will see only encrypted noise instead of a detailed map of the airwaves.

In this article, we'll walk you through the process of building such a device from scratch using readily available hardware and open-source software. You'll learn how to turn a simple USB adapter into a powerful analysis tool, which Linux distributions are best suited for these tasks, and how to interpret the resulting data to strengthen your network's security.

Operating principle and necessary components

The fundamental idea of ​​WiFi radar is to convert the wireless interface into a mode Monitor ModeIn its normal state, the network card ignores packets addressed to other devices, focusing only on its own. However, in monitoring mode, the adapter begins capturing all traffic, regardless of whether it's intended for your device. This allows you to build a complete picture of what's happening in the 2.4 GHz and 5 GHz bands.

To assemble such an analyzer, you'll need specialized hardware, as most modules built into laptops have limited driver functionality. The main requirement is that the chipset support packet injection and monitoring technologies. External USB adapters based on chips from Atheros, Ralink or Realtek (RTL8812AU, AR9271 series).

⚠️ Warning: Using monitor mode and intercepting traffic on other networks without the owner's written permission may violate the laws of your country. All actions in this article should be performed solely for educational purposes or within your own network.

In addition to the hardware, a software environment is required. Standard operating systems like Windows or macOS have limited support for low-level WiFi card functions. Therefore, the "gold standard" in the industry is to use specialized Linux distributions, such as Kali Linux, Parrot OS or BlackArch, where all the necessary drivers and utilities are already pre-installed and configured.

Equipment selection: adapters and antennas

The quality of your radar depends directly on the receiver you choose. Built-in laptop modules often have weak antennas and drivers, limiting functionality beyond the basics. Therefore, the first step is purchasing a compatible external adapter. There are many models on the market, but not all are suitable for pentesting and in-depth analysis.

When choosing, pay attention to the presence of an external antenna or a connector for it. Adapters with a connector RP-SMA Allows you to connect a directional antenna (such as a Yagi or panel antenna), significantly increasing the range of your radar. This transforms the device from a simple room analyzer into a tool for surveying the perimeter of a building.

Let's look at popular models that have proven themselves in the community:

  • 📡 Alfa Network AWUS036NHA — a classic on the Atheros AR9271 chip, ideal for 2.4 GHz, distinguished by high driver stability.
  • 📡 Alfa Network AWUS036ACH — dual-band monster (2.4/5 GHz) based on Realtek RTL8812AU, supports AC1200 standard and injections.
  • 📡 Panda PAU09 — a budget option on the Ralink RT5370 chip, good for training, but has lower transmission power.
  • 📡 TP-Link TL-WN722N (v1 only!) — a legendary model, but newer versions (v2/v3) use different chips and often do not support the necessary functions.

It's important to understand the difference between reception sensitivity and transmission power. For radar, which actually "listens" to the airwaves, antenna sensitivity and quality are more important. High-power signal amplifiers (LNAs) help capture weak signals from remote access points that a standard adapter simply wouldn't detect.

Installing the operating system and drivers

Once you've acquired compatible hardware, you need to prepare the software platform. The most effective way is to install Kali LinuxYou can install it as the main system, use LiveUSB mode without installation, or run it in a virtual machine (VirtualBox/VMware), although using WiFi in a virtual machine will require USB forwarding, which isn't always reliable.

If you're using a distribution that doesn't include the driver automatically, you'll need to compile it manually. This is a standard procedure for adapters based on Realtek chips. First, install the kernel headers and compiler tools by running the following command in the terminal:

sudo apt update && sudo apt install linux-headers-$(uname -r) build-essential git

Next, clone the driver repository for your chipset from GitHub and run the installation script. The process may vary depending on the Linux kernel version, so always consult the official documentation from the chip manufacturer or the driver repository.

Driver issues in newer Linux kernels

In the latest Linux kernel versions (5.10+), older drivers for RTL8812AU chips may not be built automatically. In this case, you should look for driver forks that support newer kernels, such as the forks from the aircrack-ng developer or morrownr on GitHub. Without this, the adapter will only work in normal mode, not in monitoring mode.

After installing the drivers, you need to check the interface status. Command iwconfig or ip link will display a list of network interfaces. Your WiFi adapter is usually labeled as wlan0 or wlx...Make sure the system sees the device correctly before proceeding to the next step.

Setting Monitor Mode

The key to creating a radar is switching the interface to monitor mode. In normal mode (Managed Mode), the card connects to the access point. In Monitor Mode, it becomes a passive listener. To manage this process in Kali Linux, use the utility airmon-ng, included in the package aircrack-ng.

Before starting monitoring, it is extremely important to stop processes that may use the WiFi adapter and cause conflicts. System services such as NetworkManager or wpa_supplicant will attempt to automatically connect to known networks, which will interrupt packet capture. Use the command airmon-ng check kill to automatically terminate such processes.

Then activate the monitoring mode with the command:

sudo airmon-ng start wlan0

After running this command, the interface name often changes by adding a suffix mon (For example, wlan0mon). This means the adapter is ready to intercept all traffic on the air. Now you can run the scanner, for example, airodump-ng wlan0mon, and see a list of all networks around.

☑️ Radar readiness check

Completed: 0 / 5

It's worth noting that not all adapters perform equally well on different channels. Some cheap models can "drop" packets under heavy air traffic. Professionals often use external GPS modules along with WiFi radars to pinpoint the coordinates of detected access points, creating so-called WarDriving cards.

Data analysis and network visualization

When the radar is running, a data stream opens in front of you. Utility airodump-ng Displays MAC addresses (BSSID), channels, signal strength (PWR), number of data packets, and network names (ESSID). However, the text in the terminal is difficult to analyze quickly. Graphical interfaces and additional utilities are used for visualization and deeper analysis.

One of the most powerful tools is KismetThis isn't just a scanner, but a fully-fledged intrusion detection system (IDS) and sniffer. Kismet can run in the background, recording all traffic to log files, and has a web interface accessible from any device on the local network. This allows you to turn your laptop into a permanent surveillance post.

Comparison of the main tools for analysis:

Tool Interface type Main function Complexity
Airodump-ng Terminal (CLI) Capture packets, find hidden SSIDs Low
Kismet Web / Terminal Passive monitoring, IDS, logging Average
Wireshark Graphical (GUI) Deep Packet Inspection High
Wifite2 Terminal (Auto) Automated security audit Low

For beginners, the utility will be an excellent option Wifite2, which automates the scanning and attack process. It automatically switches channels, stores handshakes, and attempts to brute-force passwords. However, for pure analysis and radar construction, it's better to use a combination Airodump-ng for collection and Wireshark for a detailed study of the contents of the packages.

📊 Which WiFi analysis interface do you prefer?
Terminal (CLI) - fast and powerful
Graphical (GUI) - visually understandable
Web interface - convenient from your phone
Automatic scripts - minimum steps

Diagnostics of interference and hidden threats

The WiFi radar you create is more than just a toy; it's also a serious diagnostic tool. In apartment buildings, the 2.4 GHz band is often overloaded. Using the radar, you can see which channels are free and where the largest concentration of neighboring routers is. This helps you choose the optimal channel for your router and improve internet speed.

In addition, the radar can detect devices such as WiFi Pineapple or Evil Twin (Evil Twin). If you see two access points with the same MAC address (cloning) or with the same name but different security settings, this is a sign of a possible attack. Radar also shows devices actively scanning the air (Probe Requests), revealing the history of their owner's locations.

⚠️ Note: The interfaces and functionality of software tools (Kali, Aircrack-ng) may be updated. Commands and file paths in newer versions of distributions may differ from those described in older manuals. Always check the help (man or --help) for the version of software you have installed.

Signal analysis (PWR) helps pinpoint the physical location of a device. By moving the radar and monitoring signal strength changes in real time, you can pinpoint the exact location of the radiation source within or outside the building. This is useful for locating forgotten access points or unauthorized devices in an office.

FAQ: Frequently Asked Questions

Is it possible to make a WiFi radar on Android?

Yes, it's possible, but it requires root access and a special external adapter connected via OTG. Built-in smartphone modules rarely support Monitor Mode. Popular apps: WiFi Analyzer (basic analysis) or terminals running Kali Nethunter.

What is the range of a homemade radar?

The range depends on the adapter's power and the antenna type. With a standard antenna, it's 50-100 meters in a line of sight. With a directional antenna (such as a Yagi), the range can reach several kilometers, allowing you to see networks in neighboring blocks.

Will the radar work without the Internet?

Yes, absolutely. The WiFi radar operates at the driver and radio interface level. Internet access is only required for the initial OS installation, drivers, and updates. The scanning and analysis process itself occurs locally.

Is Monitor Mode dangerous for a laptop?

No, the adapter's software mode does not pose a physical risk to the hardware. However, it may cause software conflicts with network services, so it is recommended to use a virtual machine or Live USB to avoid damaging the main system.