How did I figure Pixel 6 could sniff WIFI?
I just wrote a quick post on how to sniff WIFI packets with Pixel 6 Pro in monitor mode. But, how did I figure it out? I'm not a WIFI engineer, and only really pretend to know how it works, but I have been hacking on Android phones for the last 13 years, starting with the Motorola Droid (Eclair launch device, OMAP3) and especially Motorola Cliq (launched on Cupcake, MSM72xx). I started by flashing the aosp_raven-userdebug build, because I knew I wanted root access for tcpdump etc., and it was pretty easy to do it this way. From here, I started with tcpdump on wlan0, which works but you can't sniff and it's not monitor mode. I naively started searching the phone for an "iwconfig" or "iw" or other tools that might help me reconfigure the chip. I neglected to find /system/bin/iw which was right there, but instead I stumbled into: raven:/vendor/bin # ls -ld *w* -rwxr-xr-x 1 root shell 147400 2009-01-01 00:00 awk lrwxr-xr-x 1 root shell 13 2009-01-01