Re: Monitor Wireless Networks OT

On Thu, Feb 20, 2014 at 3:50 PM, Frank Cox <theatre@xxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, 20 Feb 2014 15:42:35 -0600
> Joseph Hesse wrote:
>
>> Apparently my hardware is not sufficient.  When I run "iwlist scan" I get:
>>
>> lo p5p1; Interface doesn't support scanning
>
> I'm pretty sure you have to run it as root user.

You also have to run it on your wireless nic.  p5p1 sounds like a
gig-ethernet wired nic.  wlp should be your wireless.

You might also have to ifup wlan0 or ifconfig wlan0 up to get it to
scan.  Sometimes if it's down, it won't scan.

I thought I might share my scripts anyway.  First the awk, then the cronjob.

# cat bin/iwlistparse.awk
# Needs gawk 4.0 or later (arrays of arrays).
# A "BSS" line starts a new access point record; default it to Open.
$1 == "BSS" {
    MAC = $2
    wifi[MAC]["enc"] = "Open"
    wifi[MAC]["mac"] = MAC
}
$1 == "SSID:" {
    wifi[MAC]["SSID"] = $2
}
$1 == "freq:" {
    wifi[MAC]["freq"] = $NF
}
$1 == "signal:" {
    wifi[MAC]["sig"] = $2 " " $3
}
# An encryption line overrides the Open default.
$1 == "WPA:" {
    wifi[MAC]["enc"] = "WPA"
}
$1 == "WEP:" {
    wifi[MAC]["enc"] = "WEP"
}
END {
#    printf "%s\t\t%s\t%s\t\t%s\n","SSID","Frequency","Signal","Encryption"

    # One line per AP: SSID, MAC, frequency, signal, encryption
    for (w in wifi) {
        printf "%s\t\t%s\t\t%s\t%s\t%s\n",wifi[w]["SSID"],wifi[w]["mac"],wifi[w]["freq"],wifi[w]["sig"],wifi[w]["enc"]
    }
}

# cat bin/wlanpatrol
#!/bin/bash
tstamp="$(date +%Y%m%d%H%M%S)"

#Wireless is flaky.  Retry a 'few' times to get the right number of
#authorized APs, or any APs at all.  Sometimes scans just fail.
iter=0
while [[ "${iter}" -le 60 ]]
do
        iter=$(( iter + 1 ))
        #Drop the "busy" error line so a failed scan leaves an empty log file
        /sbin/iwlist wlp12s0 scanning 2>&1 | \
                grep -v "wlp12s0 *Interface doesn't support scanning : Device or resource busy" \
                > "/root/iwlistlogs/${tstamp}"

#Replace 00.11.22.33.44.55's with the mac addresses of your authorised APs
        OurAPCount="$( awk -f /root/bin/iwlistparse.awk < "/root/iwlistlogs/${tstamp}" | \
                grep -i -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' \
                        -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' \
                        -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' | wc -l)"
        #Empty log file: the scan failed, so try again
        if [[ ! -s "/root/iwlistlogs/${tstamp}" ]]
        then
                continue
        fi

#In our environment, I expect 6 legitimate APs be visible at all times.
        if [[ ${OurAPCount} -eq 6 ]]
        then
                break
        fi
        #echo OurAPCountError: ${OurAPCount} found.

        sleep 0.1
done

APCount="$( awk -f /root/bin/iwlistparse.awk "/root/iwlistlogs/${tstamp}" | wc -l)"

#Here we check for bits and pieces of our actual company name in the
#names of all detected APs.  Then we ignore the authorized mac
#addresses, to come up with a list of APs pretending to be us.
RogueAPs="$( awk -f /root/bin/iwlistparse.awk < "/root/iwlistlogs/${tstamp}" | \
        grep -i -e my -e company -e mc -e myc -e yco -e com -e omp -e mpa \
                -e pan -e any | \
        grep -i -v -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' \
                -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' \
                -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' )"

if [[ "${OurAPCount}" -ne 6 ]]
then
        awk -f /root/bin/iwlistparse.awk < "/root/iwlistlogs/${tstamp}" | \
                mail -s "Abnormal number of Our authorized APs: ${OurAPCount}" \
                bcrook@xxxxxxxxxxxxx
fi


if [[ -n "${RogueAPs}" ]]
then
        mail -s "ROGUE APS IN USE" bcrook@xxxxxxxxxxxxxx <<< "${RogueAPs}"
fi
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
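
Added example, not part of the original post: the same rogue-AP check done in one awk pass, comparing each BSSID exactly against an allowlist, keeping SSIDs that contain spaces, and reporting authorised APs that were not seen. The function names, the name token "mycompany", the extra BSSIDs and the sample scan are constructed for illustration; the scan text uses the BSS / SSID: / signal: layout the awk script in the post keys on.

```shell
#!/bin/sh
# Added example (not the poster's script): one-pass AP classification.
# Usage: classify_aps "mac1,mac2,..." name_token < scan_output
classify_aps() {
    awk -v allow="$1" -v token="$2" '
    BEGIN {
        n = split(tolower(allow), a, ",")          # authorised BSSIDs
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        token = tolower(token)
    }
    $1 == "BSS" {
        mac = tolower($2); sub(/\(.*/, "", mac)    # strip a trailing "(on"
        if (!(mac in ssid)) { order[++count] = mac; ssid[mac] = "" }
    }
    $1 == "SSID:" {                                # keep SSIDs containing spaces
        s = $0; sub(/^[ \t]*SSID:[ \t]*/, "", s); ssid[mac] = s
    }
    END {
        for (i = 1; i <= count; i++) {
            m = order[i]; seen[m] = 1
            if (m in ok)                                  verdict = "AUTHORIZED"
            else if (index(tolower(ssid[m]), token) > 0)  verdict = "ROGUE"
            else                                          verdict = "OTHER"
            print verdict, m, ssid[m]
        }
        for (i = 1; i <= n; i++)                   # expected AP never seen
            if (!(a[i] in seen)) print "MISSING", a[i]
    }'
}

# Constructed sample scan (hypothetical APs), one record per "BSS" line.
sample_scan() {
    cat <<'EOF'
BSS 00:11:22:33:44:55(on wlp12s0)
    signal: -48.00 dBm
    SSID: MyCompany
BSS 02:00:00:aa:bb:01(on wlp12s0)
    signal: -39.00 dBm
    SSID: MyCompany Guest
BSS 02:00:00:aa:bb:02(on wlp12s0)
    signal: -71.00 dBm
    SSID: CoffeeShop
EOF
}

sample_scan | classify_aps "00:11:22:33:44:55,00:11:22:33:44:66" "mycompany"
```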



