The ESP32 is a powerful microcontroller that can be used for a variety of purposes, including network monitoring and analysis. In this article, we’ll explore how to write firmware for the ESP32 that performs a promiscuous scan for local devices. This firmware can be used for various purposes, such as network troubleshooting, monitoring, and security analysis.

Promiscuous Mode

Before we dive into the firmware, let’s first discuss what promiscuous mode is. In normal mode, a WiFi device only listens for packets that are addressed to it. In promiscuous mode, the device instead hands every frame its radio can receive on the channel it is currently tuned to up to the application, regardless of whether the frame is addressed to it or not. This allows the device to capture and analyze the traffic around it, making it a valuable tool for network analysis and security.

ESP32 Firmware for Promiscuous Scanning

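To write firmware for the ESP32 that performs a promiscuous scan for local devices, we’ll need to use the ESP-IDF (Espressif IoT Development Framework) and the WiFi library that comes with it. The firmware will need to be written in C or C++, as these are the languages supported by the ESP-IDF. The example below is written as an Arduino-style sketch (WiFi.h, Serial, setup() and loop()) using the Arduino core for ESP32, which is built on top of ESP-IDF and lets the sketch call the esp_wifi_* functions directly.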

Below is a minimal firmware that performs a promiscuous scan for local devices:

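#include <WiFi.h>
#include <esp_wifi.h>
#include <esp_wifi_types.h>

// Optional filter: only deliver management frames (beacons, probe requests, ...)
// to the callback. The driver filter selects by frame type only; to narrow it to
// a subtype such as probe requests, check the frame header inside sniffer().
wifi_promiscuous_filter_t filter = {
  .filter_mask = WIFI_PROMIS_FILTER_MASK_MGMT
};

// Callback invoked by the WiFi driver for every captured frame.
// Declared before setup() so it can be registered there.
void sniffer(void *buf, wifi_promiscuous_pkt_type_t type) {
  wifi_promiscuous_pkt_t *pkt = (wifi_promiscuous_pkt_t *)buf;
  wifi_pkt_rx_ctrl_t ctrl = pkt->rx_ctrl; // radio metadata (RSSI, channel, length)
  Serial.print("Received packet with RSSI: ");
  Serial.println(ctrl.rssi);
  //process packet data here (raw 802.11 frame bytes are in pkt->payload)
}

void setup() {
  Serial.begin(115200);
  WiFi.mode(WIFI_MODE_STA); // starts the WiFi driver in station mode
  esp_wifi_set_promiscuous_filter(&filter); //optional, can be used to filter results
  esp_wifi_set_promiscuous_rx_cb(&sniffer); //callback function to handle results
  esp_wifi_set_promiscuous(true);           // enable capture once filter and callback are in place
}

void loop() {
  //do other things
}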

This code sets the ESP32 to promiscuous mode and registers a callback function called sniffer() to handle incoming packets. The filter variable is optional and selects which frame types (management, control or data) the driver delivers to the callback. Finer criteria, such as a particular frame subtype or MAC address, have to be checked inside the callback itself.

In the sniffer() function, incoming packets are processed and the RSSI (Received Signal Strength Indication) of each packet is printed to the serial monitor. You can modify this function to process the packet data in any way you see fit.

Applications of Promiscuous Scanning

Promiscuous scanning can be used for a variety of purposes, such as network troubleshooting, monitoring, and security analysis. Here are a few examples of how promiscuous scanning can be used:

  • Network troubleshooting: By analyzing all network traffic, promiscuous scanning can be used to identify network issues, such as high latency or packet loss.
  • Network monitoring: Promiscuous scanning can be used to monitor network activity and detect unusual behavior, such as unauthorized devices or unusual network traffic.
  • Security analysis: Promiscuous scanning can be used to detect security vulnerabilities, such as unencrypted network traffic or unauthorized devices on the network.

Analyzing the Scan Results

Once you have the list of devices found by the promiscuous scan, you can start analyzing the results. One thing to look for is any suspicious devices that may not belong on your network. You can compare the MAC addresses of the devices found with the MAC addresses of devices that you know should be on your network.

Another thing to look for is the manufacturer of the devices found. By looking up the manufacturer of a device, you can determine if it’s a common device or if it’s something unusual. For example, if you find a device made by a manufacturer you’ve never heard of, it could be a sign that the device is not supposed to be on your network.
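The two checks described in this section can be sketched in C as follows. This is an added example, not code from the original article: classify_frame(), the allowlist and the sample frames are hypothetical and constructed, and the program runs on a PC; on the ESP32 the same function could be called from sniffer() with pkt->payload and pkt->rx_ctrl.sig_len. It also handles a case the manufacturer lookup misses: addresses with the locally administered bit set (typical of MAC randomization) carry no vendor prefix at all.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: every name below is hypothetical, all byte values are constructed. */
typedef enum { DEV_IGNORED, DEV_KNOWN, DEV_UNKNOWN, DEV_RANDOMIZED } dev_class_t;

/* Constructed allowlist of MAC addresses expected on the network. */
static const uint8_t KNOWN_MACS[][6] = {
    {0x24, 0x6F, 0x28, 0x11, 0x22, 0x33},
    {0xA4, 0xCF, 0x12, 0xAA, 0xBB, 0xCC},
};

/* Constructed 24-byte management headers: frame control, duration, addr1, addr2, addr3, seq. */
#define BCAST 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
static const uint8_t PROBE_KNOWN[24]  = {0x40, 0, 0, 0, BCAST, 0x24, 0x6F, 0x28, 0x11, 0x22, 0x33, BCAST, 0, 0};
static const uint8_t PROBE_RANDOM[24] = {0x40, 0, 0, 0, BCAST, 0xDA, 0xA1, 0x19, 0x00, 0x00, 0x01, BCAST, 0, 0};
static const uint8_t BEACON_NEW[24]   = {0x80, 0, 0, 0, BCAST, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, BCAST, 0, 0};

/* Classify the transmitter of a raw 802.11 frame (the bytes in pkt->payload).
 * On any result other than DEV_IGNORED, src_out holds the source MAC (Address 2). */
dev_class_t classify_frame(const uint8_t *frame, size_t len, uint8_t src_out[6]) {
    if (frame == NULL || len < 24) return DEV_IGNORED;      /* shorter than a management header */
    if (((frame[0] >> 2) & 0x03) != 0) return DEV_IGNORED;  /* frame type 0 = management */
    memcpy(src_out, frame + 10, 6);                         /* Address 2 = bytes 10..15 */
    for (size_t i = 0; i < sizeof KNOWN_MACS / sizeof KNOWN_MACS[0]; i++)
        if (memcmp(src_out, KNOWN_MACS[i], 6) == 0) return DEV_KNOWN;
    /* Locally administered bit set: the address was assigned in software (for example
     * MAC randomization), so its first three bytes are not a manufacturer OUI. */
    if (src_out[0] & 0x02) return DEV_RANDOMIZED;
    return DEV_UNKNOWN;  /* globally unique address: first three bytes are the vendor OUI */
}

int main(void) {
    static const char *NAMES[] = {"ignored", "known", "unknown", "randomized"};
    const uint8_t *frames[] = {PROBE_KNOWN, PROBE_RANDOM, BEACON_NEW};
    for (size_t i = 0; i < 3; i++) {
        uint8_t mac[6];
        dev_class_t c = classify_frame(frames[i], 24, mac);
        printf("%02X:%02X:%02X:%02X:%02X:%02X subtype=%u -> %s\n", mac[0], mac[1], mac[2],
               mac[3], mac[4], mac[5], (unsigned)(frames[i][0] >> 4), NAMES[c]);
    }
    return 0;
}
```

Only a DEV_UNKNOWN result is worth a manufacturer lookup; a DEV_RANDOMIZED address changes over time and cannot be matched against an allowlist or a vendor database.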

Enhancing the Firmware

While the firmware we wrote is capable of performing a promiscuous scan for local devices, it’s a simple implementation that could be enhanced in a number of ways. For example, you could add functionality to automatically blacklist devices that are not supposed to be on your network. You could also add a feature to alert you when a new device is found on the network.

Another enhancement could be to save the results of the scan to a file or database so that you can analyze the data over time. This could be useful for detecting patterns or trends in device activity on your network.

Conclusion

In this article, we’ve demonstrated how to write firmware for an ESP32 microcontroller that performs a promiscuous scan for local devices. While the firmware we’ve created is a basic implementation, it’s a good starting point for building more advanced network monitoring tools. With some enhancements, this firmware could be a powerful tool for detecting and analyzing device activity on your network.