Picture this horror, you are a wireless pro without a Mac. Now get out of the fetal position and stop self soothing, we can do a Wi-Fi 6E .pcap with a Windows box with a little work. After messing about, I was able to get a capture of my MacBook and iPad Pro connecting to a 6Ghz only SSID – yeah, I know I should have a 5Ghz of the same SSID for discovery, but I wanted to force the dumb clients to 6Ghz and see it all natively. There may be a lot easier way to do it, but this was my process. Thanks to Alex Six for sanity checking my Linux Fu.
My setup (these are not sponsored/affiliate links):
- The RAD little BeeLink Ryzen 5 5500u mini PC I use as a scratch box/bastion host running Windows 11. It was $270, I dumped in $70 to upgrade it to 64GB of RAM, and it is a beast, plus tiny and low power draw. I have several VMs and Dockers happily running on it. Needless to say, whatever PC you have lying around should do the trick, I just dig this little thing and have been singing its praises to all who will listen.
- ALFA AWUS036AXML USB WLAN adapter
- Kali Linux in VirtualBox 7
- 1x River City Root Beer
- Ubiquiti UNIFI U6-ENTERPRISE-IW-US
I first created the 6Ghz SSID “Order66” with WPA3 and set it to channel 37 for testing. On the PC I started by downloading and installing the Windows “driver” executable for the AWUS036AXML here. I am annoyed that to get the driver you need to use their installer, but it was the only way to get it that I could find. It took a couple of tries to get the adapter to enable. Eventually I had to go into Device Mangler and disable the in-built WLAN adapter on the PC, unplug the Alfa adapter, then reboot and plug it back in to get it to actually work. Total PITA, but it worked eventually.
Once Windows was finally seeing and enabling the Alfa adapter, I downloaded the ready to go VirtualBox KALI image. I did try this all in VMWare Workstation 17 without much luck – so I continued with VirtualBox. After importing the VM image and before booting VM, I went to Settings for the Kali VM in VirtualBox and selected “USB” and ticked “Enable USB Controller” and “USB 3.0 (xHCI Controller)” :
Next I clicked the USB cable icon with the plus symbol on it. In the dialog that opened, I selected only “MediaTek Inc. Wireless_Device [0100]”:
I also mounted the host machine’s file system for easy file transfer by clicking Sharing, then chose my home directory in Windows and mounted it to /rdg (just my initials to make it easy to find). I have my Wireshark the way I like it on Windows, so easier for me than setting it up in Kali:
I clicked OK to leave the dialogue box and booted up the VM. Once the VM booted, I drank the Root Beer – this is a critical step. Did I mention what a tank this little PC is? I logged into Kali (UN: kali PW: kali), then I opened the Terminal and issued the ever controversial:
sudo su
If you aren’t cool with elevated privileges for the whole exercise, you can add “sudo” before the commands, but ain’t nobody got time for that. After inputting the password, to make it easy to get to my files from Windows I moved into the /rdg mount point:
cd /rdg
To test and make sure we were able to go into Monitor mode and get to the right channel, I issued:
sudo airodump-ng wlan0 -C 6135
The response was “Checking available frequencies, this could take few seconds.”, then after said few seconds, the airodump-ng interface came up:
We are in business! We can now see the SSIDs and verify that we are on the right channel. We can CTRL-C out of this now, and start the capture with:
tcpdump -i wlan0 -n -w 6Ghz_Test.pcap
One thing to look out for, if you get an error here, issue this command to view your interfaces:
iwconfig
Look for it to say “wlan0” and that it says “Mode:Monitor”. If you see an interface called “wlan0mon” that shows “Mode:Monitor” substitute it for anywhere that I have referenced “wlan0”.
You should now see the pcap in your home directory on Windows. You can screenshot it and make a t-shirt!
