#1
Netstumbler internals? Using Linux to find "Closed" APs...
No, i don't need to see the source. Just a question:
Can the Lucent really see multiple channels simultaneously? Or do you have to cycle through them, getting the signal strength of each AP on every pass?

On the Linux side of things, i've been playing with wlanwatch, part of the wlantools package (http://www.sublimation.org/security/localarchive/802.11/). What i'd like to do is have something that could audit for "closed" networks. Something that NetStumbler doesn't do. wlanwatch can dump a nice summary of each frame it sees, including "hidden" SSIDs. Unfortunately, wlanwatch doesn't possess the ability to scan multiple channels. Using the wlanctl-ng tool, wrapped in a bit of Perl, it's easy enough to get it to cycle through all 11 channels, but i'm having problems trying to make note of what channel i'm on when wlanwatch finds something. (Also, it'd be nice to add a timestamp, as well as GPS info.)

So anyways, back to the original question, i'm just curious how Netstumbler is able to see APs on different channels "simultaneously." And if you do scan, how long do you stay on each channel? i'm trying to find an efficient way to grab just the information i need. Unfortunately wlanwatch is a full-fledged sniffer. But without going into promiscuous mode, i can't see a better way to get hidden SSIDs.
#3
What about...
Now I haven't had a chance to use the Linux tools yet, but is it possible to run several versions of the sniffer? Could you run one for each channel? I'm guessing not, in which case I would run on each channel for either a predetermined length of time (5 seconds?) and then switch or allow the user (you) to determine when to swap channels with the press of a key. But you'll have to put some code in of sorts to stop from switching channels if there is output. Maybe start a timer for your user determined length of time, based on how fast you're walking/driving, and start that timer after you swap to the next channel. Stop the timer and throw an alert/flag when data is output until the desired fields are snatched from the air and then signal the user to move on...
#4
i don't have a perl wrapper, just a stupid script that cycles through channels:

    #!/usr/bin/perl
    # Cycle the card through channels 1-11 in sniff mode, forever.
    for ($chan = 1; $chan < 12; $chan++) {
        system "wlanctl-ng wlan0 lnxreq_wlansniff channel=$chan enable=true";
        sleep (1); # i've been trying different values here
        if ($chan == 11) { $chan = 0 }  # wrap around; the loop's $chan++ makes it 1 again
    }

See? Nothing fancy.

Shawn: Your suggestions are pretty much what i want to do. Scan a channel, see if there's anything, if so, grab the data, otherwise switch to the next channel. Trick is that i'm leaving wlanwatch running *all* the time, spooling output into a log file. So i somehow have to monitor that file after the switch. i guess a while (<file>) would work, but i just haven't hunkered down and tried it yet.
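The approach discussed in this thread (hop channels while wlanwatch keeps spooling to a log, then read whatever was appended during the dwell), written out as an added example that is not any poster's code. The log path, the `WLANWATCH_LOG` variable, the output file name and the dwell time are assumptions; wlanwatch lines are treated as opaque text, and wlanwatch is assumed to be already running and writing to that log.

```perl
#!/usr/bin/perl
# Added example: hop channels and tag each new wlanwatch log line with a
# timestamp and the channel the card was tuned to when the line appeared.
use strict;
use warnings;
use IO::Handle;
use POSIX qw(strftime);

my $iface = 'wlan0';
my $log   = $ENV{WLANWATCH_LOG} || 'wlanwatch.log';  # assumed: spooled wlanwatch output
my $out   = 'tagged.log';                            # assumed: where tagged lines go
my $dwell = 1;                                       # seconds spent on each channel

# Return every complete line appended to $fh since the previous call.
sub new_lines {
    my ($fh) = @_;
    seek($fh, 0, 1);                 # clear the EOF flag so reads see appended data
    my @lines;
    while (1) {
        my $pos  = tell($fh);
        my $line = <$fh>;
        last unless defined $line;
        if ($line !~ /\n\z/) { seek($fh, $pos, 0); last; }  # half-written line: retry next pass
        chomp $line;
        push @lines, $line;
    }
    return @lines;
}

# Prefix a log line with the local time and the current channel.
sub tag {
    my ($chan, $line) = @_;
    return sprintf('%s ch=%02d %s', strftime('%Y-%m-%d %H:%M:%S', localtime), $chan, $line);
}

open(my $in, '<', $log) or die "open $log: $!";
seek($in, 0, 2);                     # start at the end: only frames seen from now on
open(my $tagged, '>>', $out) or die "open $out: $!";
$tagged->autoflush(1);

while (1) {
    for my $chan (1 .. 11) {
        system('wlanctl-ng', $iface, 'lnxreq_wlansniff', "channel=$chan", 'enable=true') == 0
            or warn "channel switch to $chan failed\n";
        sleep $dwell;
        print {$tagged} tag($chan, $_), "\n" for new_lines($in);
    }
}
```

If wlanwatch's output is buffered when redirected to a file, lines can reach the log after the next switch and be tagged with the wrong channel, so a longer dwell makes the tags more reliable. Adjacent 802.11b channels also overlap, so a frame captured on one channel may come from an AP configured on a neighbouring one.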