wapscan
Tip: wapscan is now available on Launchpad. For more information about this topic, see also the section Installation.
Note
I started working on this package on March 1st, 2024, so please be patient until I remove this note. By then, all the necessary information will be included here. After the note is removed, the software will be updated at the usual irregular intervals.
This repository consists of a Bash based Wireless Access Point Scanner for the command line. The user can decide whether to use the set of scripts or the DEB package from Launchpad.
A WLAN scanner is sometimes called a WLAN sniffer. In the context of this package I prefer the name WLAN scanner. WLAN sniffing is hacker-like or is used in connection with penetration testing. I use the WLAN scanner to check and optimise my WLAN working environment.
The work on the Wireless Access Point Scanner started in the year 2017. The goal was to program a simple WLAN scanner that has the ability to address different WLAN hardware devices. After invocation, the wireless access point scanner asks which WLAN device should be used for scanning. Then the data is collected and afterwards pretty printed in the terminal window, which is then continuously updated.
Next to the wireless access point scanner, I wrote a number of scripts related to WiFi or WLAN over the years. For the wireless access point scanner I created a script which automatically prepares a package for packaging as a DEB package. The knowledge of how to do that was the base for my first steps on Launchpad.
As expected, there is a big difference between writing a working script and building a DEB package from that script. It is even more complicated to use a platform like Launchpad for publishing.
The first package, which I released one week ago, is in the first instance intended for educational purposes. In the current and following versions I will move on to productive versions.
At the time I started writing the program in the year 2017, iwlist was still more common than iw. This limits the analysis possibilities. Nevertheless one can see the important things related to WLAN.
Note
The current version is developed on Linux Mint 21.3 (Virginia). It should also run without restrictions on Debian 12 (Bookworm), Ubuntu Jammy Jellyfish LTS (22.04) and Raspbian 12 (Bookworm).
Before I started the development I was looking for a good name. After finding a name, I checked whether a package with the same name already exists [1]. Finding no match told me that this would be a good name.
The wireless access point scanner lists 2.4 GHz as well as 5 GHz access points. It should be clear that the hardware must be dual-band capable for this. Three versions of the wireless access point scanner can be used.
- wapscan
- wapscan_beacon
- wapscan_oui
- wapscan_protocol
wapscan is the base application. wapscan_beacon and wapscan_oui offer further information. Sometimes it is of interest how often an access point sends its beacon. This is monitored by wapscan_beacon. It can also be of interest to know the hardware on which the access point runs. This is realised by wapscan_oui.
The wireless access point scanner is well tested for WLAN on 2.4 GHz as well as 5 GHz. Both bands are monitored as expected on different hardware devices.
The wireless access point scanner will run on Linux Mint and should also run on Ubuntu and on Debian-like operating systems. I developed the scanner on Linux Mint for usage on Linux Mint.
This repository will have three parts:
- Howto for creating the DEB package from scratch
- Required directory tree structure for packaging of the DEB package
- Source code in form of some Bash scripts used for packaging
You can run 3 versions:
- wapscan (for regular usage)
- wapscan_beacon (for users who need to know how often beacons can be seen)
- wapscan_oui (for users who need to know which hardware the AP is using)
First, you choose the WLAN device for scanning:
[Image for presentation purposes]
The first data is collected and then the WLAN environment is scanned continuously.
[Image for presentation purposes]
I started the development of wapscan by implementing pure basic functionality. Current improvements are first tested with wapscan. When the program works as expected, I change wapscan_beacon and wapscan_oui so that they work like wapscan.
The easiest way for the future is to use the PPA from Launchpad.
sudo add-apt-repository ppa:zentrocdot/wapscan-cli
sudo apt update
sudo apt-get install wapscan
wapscan will be built for use with Ubuntu Noble, Mantic, Jammy, Focal, Bionic, Xenial and Trusty.
At the moment I am building wapscan for Ubuntu Noble. After that is done, I will prepare the DEB packages inside Launchpad for use with the other versions of Ubuntu. Then I will test the installed program with Linux Mint (Ubuntu Jammy). This is at least Debian 12, Ubuntu Jammy, Mint Vanessa or Raspbian Bookworm.
An open issue is that I do not know whether the zst compression, which was introduced with Debian 12, is a problem at all for older versions.
Uninstallation can be done doing:
sudo apt-get remove --purge wapscan
Collecting WLAN data the first time can take up to 5 seconds.
You can invoke the program with or without sudo. If you use sudo, the program asks for the hardware device. If you do not use sudo, the program first needs the sudo permission for operation.
If you see
Could not get data from the device ...
in operation then there are two possible reasons.
- There is no data from the hardware at all
- The same hardware is used multiple times
The scripts have been tested on different Debian derivatives and versions and have been executable.
It looks as if I have been able to overcome a known limitation. Until now, using the same hardware two or more times has been a problem when collecting and displaying data. In the current solution, the program waits until it has received data and prints it in the terminal window. To make this transparent, I have added a time of the last scan to the output on the screen.
One of the most important restrictions is the fact that sudo rights are required for execution. This is due to the use of iwlist in the background. iwlist only works as root.
No bugs are known yet.
This has to be done:
- Review the code on problems, typing errors and bugs
- Improvement of the code
- Optimisation of the code
- Add a command line evaluation using getopt
- Add used hardware device to output in terminal window
This has to be checked:
- Catch error message "No scan results" from interface
- Catch error message "Interface doesn't support scanning : Device or resource busy" from interface
I had not yet checked whether I could obtain further information from the Information Elements. This is still to be done.
Since I call sudo from within the program now, it is necessary to check how I can separate the first call of wapscan from the second sudo call of wapscan. This is a similar process to my daemonising process of a daemon script.
Write another program using another tool for extracting more information from a scan.
At the moment 2.4 GHz as well as 5 GHz WLAN access points are recognised. It should be possible to decide which one should be monitored.
Check how I can easily identify the used WLAN 802.11 b/g/n standard of the AP.
After writing the first version and the predecessor of the current WLAN scanner, I faced two problems when working on different hardware platforms and operating systems.
First the output structure of iwlist was different on different operating systems. Second the naming of the wlan devices was different on different operating systems.
To avoid reinventing the wheel, I always look for the simplest solutions. I found the tools available at command level suitable for a WLAN scanner.
I use the tools iw and iwlist. For hardware identification iw is well suited and for WLAN scanning iwlist.
An iwlist output can look like:
wly97dfd02de607 Scan completed :
Cell 01 - Address: 85:BE:26:40:71:25
Channel:6
Frequency:2.437 GHz (Channel 6)
Quality=25/70 Signal level=-65 dBm
Encryption key:on
ESSID:"WlanRouter!BlueMagic"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=0000000000b0cc48
Extra: Last beacon: 4024ms ago
IE: Unknown: 000F456569565965772E53657475703734
IE: Unknown: 010882847B960C121824
IE: Unknown: 030206
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown: 2D1B0C181DFF00000000000000000000000000000000000000000000
IE: Unknown: 3D1606000000000000000000000000000000000000000000
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
IE: Unknown: DD190050F2020102000003A4000027A4000052435E0062322F00
IE: Unknown: DD1E00804C340C181EFF00000000000000000000000000000000000000000000
IE: Unknown: DD1B00905C3406000000000000000000000000000000000000000000
IE: Unknown: DD0700E05C0202E0
One can extract the following information on different hardware devices:
- MAC address
- Frequency
- Channel
- Quality
- Signal Strength
- Encryption
- ESSID
- Bit Rates
- MODE
- Extra informations
- Information Elements (IE)
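The following added example (not wapscan's own code) shows one way to pull the first fields of that list out of an iwlist scan with awk and to list access points that announce no encryption. The function names `sample_scan`, `parse_iwlist` and `open_aps` are hypothetical, and the second cell in the sample is constructed.

```shell
#!/bin/sh
# Added example, not wapscan's code. All function names are hypothetical.

# Constructed sample: shortened from the listing above, plus one open network.
sample_scan() {
cat <<'EOF'
wly97dfd02de607  Scan completed :
          Cell 01 - Address: 85:BE:26:40:71:25
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=25/70  Signal level=-65 dBm
                    Encryption key:on
                    ESSID:"WlanRouter!BlueMagic"
          Cell 02 - Address: 02:00:5E:10:20:30
                    Channel:44
                    Frequency:5.22 GHz (Channel 44)
                    Quality=50/70  Signal level=-60 dBm
                    Encryption key:off
                    ESSID:"Guest|Net"
EOF
}

# Print one record per cell: MAC|channel|frequency|signal|encryption|ESSID.
# The ESSID is chosen by the access point, so it goes last and may contain "|".
parse_iwlist() {
    awk '
    function emit() {
        if (mac != "") print mac "|" chan "|" freq "|" sig "|" enc "|" essid
    }
    /Cell [0-9]+ - Address:/ { emit(); mac = $NF
                               chan = freq = sig = enc = essid = ""; next }
    /^[ \t]*Channel:/   { sub(/^[ \t]*Channel:/, ""); chan = $1; next }
    /^[ \t]*Frequency:/ { sub(/^[ \t]*Frequency:/, ""); freq = $1 " " $2; next }
    /Signal level[=:]/  { match($0, /Signal level[=:]-?[0-9]+/)
                          sig = substr($0, RSTART, RLENGTH)
                          sub(/^Signal level[=:]/, "", sig) }
    /Encryption key:/   { enc = ($0 ~ /key:on/) ? "on" : "off" }
    /ESSID:"/           { essid = $0; sub(/^[^"]*"/, "", essid)
                          sub(/"[ \t]*$/, "", essid) }
    END { emit() }'
}

# Audit helper: list only the access points that announce no encryption.
open_aps() { parse_iwlist | awk -F"|" '$5 == "off"'; }

sample_scan | parse_iwlist
```

On a live system the input would come from `sudo iwlist <device> scan` instead of `sample_scan`.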
An iw output looks like:
phy#0
Interface wlq6s1
ifindex 2
wdev 0x1
addr 19:fb:53:01:fb:56
type managed
txpower 17.00 dBm
To be compatible with a given oui.txt file I worked out the following structure for one entry.
00-18-42   (hex)        Nokia Danmark A/S
        ^       ^
        |       |
        |       \ - one or more whitespaces [space and/or tab]
        \ - one or more whitespaces [space and/or tab]
In the near future a user can use a self-created oui.txt file for testing or other purposes.
As long as neither iwlist nor iw changes the structure of its output again, wapscan will work. As noted, the program worked on different operating systems from the year 2017 up to the year 2024.
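A vendor lookup against a file with this entry structure, as an added example that is not taken from wapscan_oui. The function names `sample_oui` and `oui_vendor` are hypothetical, and the file content is a constructed excerpt built around the entry shown above.

```shell
#!/bin/sh
# Added example, not wapscan_oui's code. All function names are hypothetical.

# Constructed oui.txt excerpt; spaces and tabs are mixed on purpose.
sample_oui() {
    printf '00-18-42   (hex)\t\tNokia Danmark A/S\n'
    printf '001842     (base 16)\t\tNokia Danmark A/S\n'
}

# usage: oui_vendor MAC OUI_FILE
oui_vendor() {
    # Normalise aa:bb:cc:... to the AA-BB-CC prefix form used in oui.txt.
    prefix=$(printf '%s' "$1" | tr 'a-f:' 'A-F-' | cut -c1-8)
    case "$prefix" in
        [0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]) ;;
        *) echo "invalid MAC"; return 1 ;;
    esac
    # Bit 0x02 of the first octet marks a locally administered address,
    # which carries no registered vendor prefix.
    case "$prefix" in
        ?[2367ABEF]-*) echo "locally administered (no vendor)"; return 0 ;;
    esac
    awk -v p="$prefix" '
        $1 == p && $2 == "(hex)" {
            sub(/^[ \t]*[^ \t]+[ \t]+\(hex\)[ \t]+/, "")
            print; found = 1; exit
        }
        END { if (!found) print "unknown" }
    ' "$2"
}

OUI_FILE=$(mktemp) && sample_oui > "$OUI_FILE"
trap 'rm -f "$OUI_FILE"' EXIT
oui_vendor 00:18:42:aa:bb:cc "$OUI_FILE"
```

A BSSID can be set freely on most hardware, so the vendor derived from the prefix is a hint about the access point, not proof of its origin.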
In the first version, the script made itself executable during the first run. This can be realised like this:
# Make the script executable.
if [[ ! -x "$0" ]]; then chmod +x "$0"; fi
- wireless-tools
- iw
- sed
- gawk
- bash
- util-linux
First of all make sure that you have super user rights and that you can use sudo.
[0] www.debian.org/doc/manuals/maint-guide/dreq.en.html
[1] github.com/HewlettPackard/wireless-tools
[2] manpages.debian.org/stretch/wireless-tools/iwlist.8.en.html
[3] packages.debian.org/sid/wireless-tools
[4] unix.stackexchange.com/questions/407517/why-did-wireless-tools-version-30-become-a-permanent-beta
[5] wiki.ubuntuusers.de/WLAN/
[6] wireless.wiki.kernel.org/en/users/documentation/iw
[7] www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html
[8] www.linuxuprising.com/2018/10/how-to-search-available-packages-from.html
[9] www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
[10] wiki.ubuntuusers.de/WiFi_Radar/
[11] wifi-radar.tuxfamily.org/pub/
[12] wiki.ubuntuusers.de/LinSSID/
[13] standards-oui.ieee.org/
[14] www.systutorials.com/docs/linux/man/1-get-oui/
You can support the further development of this tool if you like.
I loved the time when you could get also a hamburger 🍔 for one euro!
If you like what I present here, or if it helps you, or if it is useful, you are welcome to donate a small contribution or a cup of coffee. Or as you might say: Every TRON counts! Many thanks in advance! 😃
TQamF8Q3z63sVFWiXgn2pzpWyhkQJhRtW7 (TRON) DMh7EXf7XbibFFsqaAetdQQ77Zb5TVCXiX (DOGE) 12JsKesep3yuDpmrcXCxXu7EQJkRaAvsc5 (BITCOIN) 0x31042e2F3AE241093e0387b41C6910B11d94f7ec (Ethereum)
File last modified 02/03/2024