/wapscan_sd

Wireless Access Point Scanner (wapscan) for the command line

Primary LanguageShellMIT LicenseMIT

wapscan logo Wireless Access Point Scanner

ASCII Logo

__      __ __ _  _ __   ___   ___   __ _  _ __     
\ \ /\ / // _` || '_ \ / __| / __| / _` || '_ \    
 \ V  V /| (_| || |_) |\__ \| (__ | (_| || | | |   
  \_/\_/  \__,_|| .__/ |___/ \___| \__,_||_| |_|   
                |_|                                 

Announcement

Tip

wapscan is now available on Launchpad. For more information about this topic see also the section Installation.

README

Note

I started working on this package on March the 1st, 2024. So be patient until I remove this note. At that time, all the necessary information will be included here. The removal of the note is then followed by the usual irregular updating of the software.

This repository consists of a Bash based Wireless Access Point Scanner for the command line. The user can decide, if he is using the bunch of scripts or if the DEB package from launchpad is used.

Foreword

A WLAN Scanner is sometimes called a WLAN sniffer. In the context of this package I prefer the naming WLAN scanner. WLAN sniffing is hacker-like or is used in connection with penetration testing. I use the WLAN scanner to check and optimise my WLAN working environment.

The work on the Wireless Access Point Scanner started in the year 2017. The goal was to program a simple wlan scanner that has the ability to address different wlan hardware devices. After invokation the wireless access point scanner is asking which wlan device should be used for scanning. Then the data will be collected and afterwards pretty printed in the terminal window which after that is contiously updated.

Next to the wireless access point scanner I wrote over the years a bunch of scripts related to wifi or wlan. For the wireless access point scanner I created a script which automatically prepares a package for packaging as DEB package. That knowledge how to do was the base for my first steps on Launchpad.

As expected it is a big difference between writing a working script or building a DEB package from that script. It is even more complicated to use a platform like Launchpad for publishing.

The first package I have released one week ago is in the first shot for educational purposes. In the current and following versions I will move on to productive versions.

At the time I started writing the program in the year 2017, iwlist was still more common than iw. This limits the analysis possibilities. Nevertheless one can see the important things related to WLAN.

Note

The current version is developed on Linux Mint 21.3 (Virginia). It should also be runnable without restrictions on Debian 12 (Bookworm), Ubuntu Jammy Jellyfish LTS (22.04) and Raspbian 12 (Bookworm).

Introductory Words

Before I started the development I was looking for a good name. After finding a name I checked if there will be a package with the same name [1]. No match said to me that this will be a good name.

Short Description

The wireless access point scanner is listing 2.4 GHz as well as 5 GHz access points. The hardware must have the capability for dualband should be clear. Three versions of the wireless access point scanner can be used.

  1. wapscan
  2. wapscan_beacon
  3. wapscan_oui
  4. wapscan_protocol

wapscan is the base apllication. wapscan_beacon and wapscan_oui offer further informations. Sometimes it is of interest how often an access point is sending the beacon. This is monitored by wapscan_beacon. It can also be of interest to know the hardware on which the access point runs. The is realised by wapscan_oui.

The wireless access point scanner is well tested on für wlan on 2.4 GHz as well as 5 GHz. Both bands are monitored as expected on differnent hardware devices.

Prerequisites

The wireless access point scanner will run on Linux Mint and should be also run on Linux Ubuntu and also on Debian like operating systems. I developed the scanner on Linux Mint for usage on Linux Mint.

Repository Organisation

This repository will have three parts:

  1. Howto for creating the DEB package from scratch
  2. Required directory tree structure for packaging of the DEB package
  3. Source code in form of some Bash scripts used for packaging

Look and Feel

You can run 3 versions:

  1. wapscan (for regular usage)
  2. wapscan_beacon (for user who needs two konow how often beacons can be seen)
  3. wapscan_oui (for user who needs to know which hardware the AP is using)

First, you choose the WLAN device for scanning:

Alt text

Image for presentation purposes

The first data is collected and than the WLAN environment is scanned continously.

Alt text

Image for presentation purposes

Development

I started the development on wapscan implementing pure basic functionality. Current improvements are first tested with wapscan. When the program works as expected I am changing wapscan_beacon and wapscan_oui in a way, that they work like wapscan.

Installation

The easiest way for the future is to use PPA from Launchpad.

sudo add-apt-repository ppa:zentrocdot/wapscan-cli
    
sudo apt update

sudo apt-get install wapscan

wapscan will be build for use with Ubuntu Noble, Mantic, Jammy, Focal, Bionic, Xenial and Trusty.

At the moment I am building wapscan for Ubuntu Noble. After that is done I prepare the DEB packages inside of Launchpad for use with the other versions of Ubuntu. Then I am testing the installed program with Linux Mint (Ubuntu Jammy). This is at least Debian 12, Ubuntu Jammy, Mint Vanessa or Rapsian Bookworm.

Installation Note

Open issue is, that I not know if the zst compression, which was introduced with Debian 12, is at all a problem for elder versions.

Uninstallation

Uninstallation can be done doing:

sudo apt-get remove --purge wapscan

Comments on operation

Collecting WLAN data the first time can take up to 5 seconds.

You can invoke the program with or without using sudo. If you are using sudo the program asked for the hardware devices. If you ar not using sudo the program first needs the sudo permission for operation.

If you see

Could not get data from the device ...

in operation then there are two possible reasons.

  1. In general there are not data from hardware
  2. Same hardware is used multiple times

Testing

The scripts have been tested on different Debian derivatives and versions and have been executable.

Limitation

It looks as if I have been able to overcome a known limitation. Until now, using the same hardware two or more times has been a problem when collecting and displaying data. In the current solution, the program waits until it has received data and prints it in the terminal window. To make this transparent, I have added a time of the last scan to the output on the screen.

Known Restriction

One of the most important restrictions is the fact that sudo rights are required for execution. This is due to the use of iwlist in the background. iwlist only works as root.

Bugs

No bugs are known yet.

To-Do

List of things to do

This has to be done:

  1. Review the code on problems, typing errors and bugs
  2. Improvement of the code
  3. Optimisation of the code
  4. Add a command line evaluation using getopt
  5. Add used hardware device to output in terminal window

This has to be checked:

  1. Catch error message "No scan results" from interface
  2. Catch error message "Interface doesn't support scanning : Device or resource busy" from interface

Further things to do

I had not yet checked whether I could obtain further information from the Information Elements. This is still to be done.

Since I call sudo from within the program now, it is necessary to check how I can separate the first call of wapscan from the second sudo call of wapscan. This is a similar process to my daemonising process of a daemon script.

Spin-Off

Write another program using other tool for extracting mor informations from a scan.

Planned Further Developments

At the moment 2.4 GHz as well as 5 GHz wlan access points are recognised. It shuod be possible to decide which one should be monitored.

Check how I can easily identify the used WLAN 802.11 b/g/n standard of the AP.

Challenges while Development

After writing the first version and the predecessor of the current WLAN scanner, I faced two problems when working on different hardware platforms and operating systems.

First the output structure of iwlist was different on different operating systems. Second the naming of the wlan devices was different on different operating systems.

Program Technical Background

To avoid reinventing the wheel, I always look for the simplest solutions. I found the tools available at command level suitable for a WLAN scanner.

I found the tools available at command level suitable for a WLAN scanner.

I use the tools iw and iwlist. For hardware identification iw is well suited and for WLAN scanning iwlist.

Typical Response from IWLIST

An iwlist output can look like:

wly97dfd02de607  Scan completed :
          Cell 01 - Address: 85:BE:26:40:71:25
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=25/70  Signal level=-65 dBm
                    Encryption key:on
                    ESSID:"WlanRouter!BlueMagic"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s
                    Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
                    Mode:Master
                    Extra:tsf=0000000000b0cc48
                    Extra: Last beacon: 4024ms ago
                    IE: Unknown: 000F456569565965772E53657475703734
                    IE: Unknown: 010882847B960C121824
                    IE: Unknown: 030206
                    IE: Unknown: 2A0100
                    IE: Unknown: 32043048606C
                    IE: Unknown: 2D1B0C181DFF00000000000000000000000000000000000000000000
                    IE: Unknown: 3D1606000000000000000000000000000000000000000000
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    IE: Unknown: DD190050F2020102000003A4000027A4000052435E0062322F00
                    IE: Unknown: DD1E00804C340C181EFF00000000000000000000000000000000000000000000
                    IE: Unknown: DD1B00905C3406000000000000000000000000000000000000000000
                    IE: Unknown: DD0700E05C0202E0

One can extract following informations on different hardware devices:

  • MAC address
  • Frequency
  • Channel
  • Quality
  • Signal Strenght
  • Encryption
  • ESSID
  • Bit Rates
  • MODE
  • Extra informations
  • Information Elements (IE)

Typical Response from IW

iwlist output looks like:

phy#0
       Interface wlq6s1
	      ifindex 2
	      wdev 0x1
	      addr 19:fb:53:01:fb:56
	      type managed
	      txpower 17.00 dBm

Compatibility to given oui.txt files

To be compatible to a given oui.txt file I worked out the following structure for one entry.

00-18-42 (hex) Nokia Danmark A/S 
        ^     ^
    |     | 
        |     \ - one or more whitespaces [space and/or tab]
        \ - one or more whitespaces [space and/or tab]

in the near future a user can use a self created oui.txt file for testing or other purpose.

Compatibility

As long as iwlist as well as iw do not change again the structure of the output wapscan will work. As noted the program worked on different operating systems from the year 2017 upt to the year 2024.

Note on script usage

In the first version, the script made itself executable during the first run. This can be realised like this:

# Make the script executable.
if [[ ! -x "$0" ]]; then chmod +x "$0"; fi

Dependencies

  1. wireless-tools
  2. iw
  3. sed
  4. gawk
  5. bash
  6. util-linux

Troubleshooting

First of all make sure that you have super user rights and that you can use sudo.

References

[0] www​.debian.org/doc/manuals/maint-guide/dreq.en.html

[1] github.com/HewlettPackard/wireless-tools

[2] manpages.debian.org/stretch/wireless-tools/iwlist.8.en.html

[3] packages.debian.org/sid/wireless-tools

[4] unix.stackexchange.com/questions/407517/why-did-wireless-tools-version-30-become-a-permanent-beta

[5] wiki.ubuntuusers.de/WLAN/

[6] wireless.wiki.kernel.org/en/users/documentation/iw

[7] www​.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html

[8] www​.linuxuprising.com/2018/10/how-to-search-available-packages-from.html

[9] www​.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/

[10] wiki.ubuntuusers.de/WiFi_Radar/

[11] wifi-radar.tuxfamily.org/pub/

[12] wiki.ubuntuusers.de/LinSSID/

[13] standards-oui.ieee.org/

[14] www​.systutorials.com/docs/linux/man/1-get-oui/


You can support the further development of this tool if you like.


I loved the time when you could get also a hamburger 🍔 for one euro!

Buy Me A Coffee


Other ways to donate

If you like what I present here, or if it helps you, or if it is useful, you are welcome to donate a small contribution or a cup of coffee. Or as you might say: Every TRON counts! Many thanks in advance! 😃

TQamF8Q3z63sVFWiXgn2pzpWyhkQJhRtW7            (TRON)
DMh7EXf7XbibFFsqaAetdQQ77Zb5TVCXiX            (DOGE)
12JsKesep3yuDpmrcXCxXu7EQJkRaAvsc5            (BITCOIN)
0x31042e2F3AE241093e0387b41C6910B11d94f7ec    (Ethereum)

File last modified 02/03/2024