Basic steps. Identify your wifi device (in my case wlp3s0), the enter monitor mode, use tcpdump to capture mac addresses and a short php script to switch between available channels:

sudo ip link set wlp3s0 down
sudo iw wlp3s0 set monitor control
sudo ip link set wlp3s0 up
sudo tcpdump -i wlp3s0 -e -ttttnn > tcpdump.log
sudo ./channel_changer.php

You can find out which $channels your device supports using iw list (it's the numbers in the 'Frequencies' section). There are about 14 on older g/n devices and more on the 5G access points. I switch channel every 0.2 seconds (same as Kismet's default channel hop time) which seems to work fine.

#!/usr/bin/php
<?php
$channels = array(
  1,2,3,4,5,6,7,8,9,10,11, 12,13,36,40,44,48,52,56,60,64,100,104,
  108,112,116,120,124,128,132,136,140,149,153,157,161,165);
 
while(true) {
        foreach($channels as $channel) {
        echo "Setting channel: #$channel\n";
        exec("iw dev wlp3s0 set channel $channel");
        usleep(200000);
        }
}
 
?>

I import the raw tcpdump logs (just a timestamp and mac address) into a simple mysql table:

CREATE TABLE wifi_data (seen_time datetime, mac VARCHAR(17), UNIQUE (seen_time,mac));

These files are pretty large - for around a month of wifi scanning data is around 128.4 million lines of data (18.6Gb). I run the following code to simplify the logs to just pairs of the datetime (in YYYY-MM-DD HH:MM) and the mac address:

php trim.php tcpdump.log > trimmed_tcpdump.log

This takes around 12 minutes which reduces the number of lines of data to around 20 million. Then I import this directly to the mysql database using the mysql client:

LOAD DATA INFILE 'trimmed_tcpdump.log' INTO TABLE wifi_data;

If you have any trouble with this command, you might want to split the file into more managble parts using split -l 1000000 trimmed_tcpdump.log

TBC

I've made some graphs:

• General scan #2 - Sat July 6th 2019 8am-11:30am - All data grouped in unique MACs per 1 minute period
• General scan #3 - Sat July 6th 2019 8am-11:30am - As above, known (previously seen the hours/days before) devices/equipment filtered - an example of identifying a group of passerbys (Orange walk outside my window at 10:40am)
• General scan #4 - Multiple days showing the weekend and spikes, at 8am and 5pm, of people passing by to and from work.

I'm still working on analysing an entire uninterrupted month to get some general statistics on wifi use around my area. Updates and code to follow.