Re: [CentOS] Monitor Wireless Networks OT
On 02/24/2014 07:58 PM, Billy Crook wrote: On Thu, Feb 20, 2014 at 3:50 PM, Frank Cox thea...@melvilletheatre.com wrote: On Thu, 20 Feb 2014 15:42:35 -0600 Joseph Hesse wrote: Apparently my hardware is not sufficient. When I run iwlist scan I get: lo p5p1; Interface doesn't support scanning I'm pretty sure you have to run it as root user. You also have to run it on your wireless nic. p5p1 sounds like a gig-ethernet wired nic. wlp should be your wireless You might also have to ifup wlan0 or ifconfig wlan0 up to get it to scan. Sometimes if its down, it won't scan. I thought I might share my scripts anyway. First the awk, then the cronjob. # cat bin/iwlistparse.awk $1 == BSS { MAC = $2 wifi[MAC][enc] = Open wifi[MAC][mac] = $MAC } $1 == SSID: { wifi[MAC][SSID] = $2 } $1 == freq: { wifi[MAC][freq] = $NF } $1 == signal: { wifi[MAC][sig] = $2 $3 } $1 == WPA: { wifi[MAC][enc] = WPA } $1 == WEP: { wifi[MAC][enc] = WEP } END { #printf %s\t\t%s\t%s\t\t%s\n,SSID,Frequency,Signal,Encryption for (w in wifi) { printf %s\t\t%s\t\t%s\t%s\n,wifi[w][SSID],wifi[w][mac],wifi[w][freq],wifi[w][sig],wifi[w][enc] } } # cat bin/wlanpatrol #!/bin/bash tstamp=$(date +\%Y\%m\%d\%H\%M\%S) #Wirelss is flakey. Retry a 'few' times to get the right number of authorized APs, or any APs at all. sometimes scans just fail iter=0 while [[ ${iter} -le 60 ]] do iter=$(( ${iter} + 1 )) /sbin/iwlist wlp12s0 scanning 21 | grep -v 'wlp12s0\ \ \ Interface\ doesn'\''t\ support\ scanning\ :\ Device\ or\ resource\ busy' /root/iwlistlogs/${tstamp} #Replace 00.11.22.33.44.55's with the mac addresses of your authorised APs OurAPCount=$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | grep -i -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' | wc -l) if [[ ! -s /root/iwlistlogs/${tstamp} ]] then continue fi #In our environment, I expect 6 legitimate APs be visible at all times. if [[ ${OurAPCount} -eq 6 ]] then break fi #echo OurAPCountError: ${OurAPCount} found. sleep 0.1 done APCount=$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | wc -l) #Here we check for bits and pieces of our actual company name in the names of all detected APs. Then we ignore the authorized mac addresses, to come upwith a list of APs pretending to be us. RogueAPs=$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | \ grep -i -e my -e company -e mc -e myc -e yco -e com -e omp -e mpa -e pan -e any | \ grep -i -v -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' ) if [[ $OurAPCount != 6 ]] then awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | mail -s Abnormal number of Our authorized APs: ${OurAPCount} bcr...@mycompany.com fi if [[ ! -z ${RogueAPs} ]] then mail -s ROGUE APS IN USE bcr...@ourapcount.com ${RogueAPs} fi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thank you for the script. FYI: p5p1 is the name of the wireless interface on my Fedora 20 laptop. It was assigned automatically. It appears as wlan0 on my CentOS 6.5 laptop. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
On Thu, Feb 20, 2014 at 3:50 PM, Frank Cox thea...@melvilletheatre.com wrote: On Thu, 20 Feb 2014 15:42:35 -0600 Joseph Hesse wrote: Apparently my hardware is not sufficient. When I run iwlist scan I get: lo p5p1; Interface doesn't support scanning I'm pretty sure you have to run it as root user. You also have to run it on your wireless nic. p5p1 sounds like a gig-ethernet wired nic. wlp should be your wireless You might also have to ifup wlan0 or ifconfig wlan0 up to get it to scan. Sometimes if its down, it won't scan. I thought I might share my scripts anyway. First the awk, then the cronjob. # cat bin/iwlistparse.awk $1 == BSS { MAC = $2 wifi[MAC][enc] = Open wifi[MAC][mac] = $MAC } $1 == SSID: { wifi[MAC][SSID] = $2 } $1 == freq: { wifi[MAC][freq] = $NF } $1 == signal: { wifi[MAC][sig] = $2 $3 } $1 == WPA: { wifi[MAC][enc] = WPA } $1 == WEP: { wifi[MAC][enc] = WEP } END { #printf %s\t\t%s\t%s\t\t%s\n,SSID,Frequency,Signal,Encryption for (w in wifi) { printf %s\t\t%s\t\t%s\t%s\n,wifi[w][SSID],wifi[w][mac],wifi[w][freq],wifi[w][sig],wifi[w][enc] } } # cat bin/wlanpatrol #!/bin/bash tstamp=$(date +\%Y\%m\%d\%H\%M\%S) #Wirelss is flakey. Retry a 'few' times to get the right number of authorized APs, or any APs at all. sometimes scans just fail iter=0 while [[ ${iter} -le 60 ]] do iter=$(( ${iter} + 1 )) /sbin/iwlist wlp12s0 scanning 21 | grep -v 'wlp12s0\ \ \ Interface\ doesn'\''t\ support\ scanning\ :\ Device\ or\ resource\ busy' /root/iwlistlogs/${tstamp} #Replace 00.11.22.33.44.55's with the mac addresses of your authorised APs OurAPCount=$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | grep -i -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' | wc -l) if [[ ! -s /root/iwlistlogs/${tstamp} ]] then continue fi #In our environment, I expect 6 legitimate APs be visible at all times. if [[ ${OurAPCount} -eq 6 ]] then break fi #echo OurAPCountError: ${OurAPCount} found. sleep 0.1 done APCount=$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | wc -l) #Here we check for bits and pieces of our actual company name in the names of all detected APs. Then we ignore the authorized mac addresses, to come upwith a list of APs pretending to be us. RogueAPs=$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | \ grep -i -e my -e company -e mc -e myc -e yco -e com -e omp -e mpa -e pan -e any | \ grep -i -v -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' ) if [[ $OurAPCount != 6 ]] then awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | mail -s Abnormal number of Our authorized APs: ${OurAPCount} bcr...@mycompany.com fi if [[ ! -z ${RogueAPs} ]] then mail -s ROGUE APS IN USE bcr...@ourapcount.com ${RogueAPs} fi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks
On Thu, 2014-02-20 at 09:39 -0600, Joseph Hesse wrote: Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Not sure about for CentOS (other than iwlist), but I recently found 'wavemon' for my Fedora 20 system: http://eden-feed.erg.abdn.ac.uk/wavemon/ John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks
On Fri, Feb 21, 2014 at 10:46:22AM +, John Horne wrote: On Thu, 2014-02-20 at 09:39 -0600, Joseph Hesse wrote: Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Not sure about for CentOS (other than iwlist), but I recently found 'wavemon' for my Fedora 20 system: http://eden-feed.erg.abdn.ac.uk/wavemon/ It builds fine on Centos 6.5. However, I don't have Centos on a machine that also has wireless, so I can't verify that it actually WORKS. It does work fine on my netbook, running F19. -- Fred Smith -- fre...@fcshome.stoneham.ma.us - The eyes of the Lord are everywhere, keeping watch on the wicked and the good. - Proverbs 15:3 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Monitor Wireless Networks
Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Thank you, Joe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
On Thu, Feb 20, 2014 at 9:39 AM, Joseph Hesse joehe...@gmail.com wrote: Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Thank you, Joe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos There is a really good Android app, WIFI analyzer https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer if you have access to a phone or better yet a tablet. Very nice and allows you to look at all kinds of things, I also know of another one called Wifi Radar for linux but not nears as good. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
There is a really good Android app, WIFI analyzer https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer if you have access to a phone or better yet a tablet. Very nice and allows you to look at all kinds of things, I also know of another one called Wifi Radar for linux but not nears as good. Fully seconded. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks
On 20/02/14 15:39, Joseph Hesse wrote: Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Thank you, Joe try: iwlist wlan0 scan which will scan for wireless networks and give you the information you mention above. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
On Thu, Feb 20, 2014 at 9:48 AM, Lars Hecking lheck...@users.sourceforge.net wrote: There is a really good Android app, WIFI analyzer https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer if you have access to a phone or better yet a tablet. Very nice and allows you to look at all kinds of things, I also know of another one called Wifi Radar for linux but not nears as good. Fully seconded. Agreed - and the Wifi analyzer is in the subset of android apps that you can get on the kindle fire, too. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
there's the iwlist command. I put together an awk script to columnate the data I cared about, and a cronjob that runs it analyzes it for things i care about (like neighbors using my same or similar network name, same frequencies, etc, and put it in a cronjob to log and email me anomalies. Works pretty well. I can share my script and awk if helpful On Thu, Feb 20, 2014 at 9:43 AM, Tom Bishop bisho...@gmail.com wrote: On Thu, Feb 20, 2014 at 9:39 AM, Joseph Hesse joehe...@gmail.com wrote: Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Thank you, Joe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos There is a really good Android app, WIFI analyzer https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer if you have access to a phone or better yet a tablet. Very nice and allows you to look at all kinds of things, I also know of another one called Wifi Radar for linux but not nears as good. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Billy Crook * Network and Security Administrator * RiskAnalytics, LLC ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
Apparently my hardware is not sufficient. When I run iwlist scan I get: lo p5p1; Interface doesn't support scanning On 02/20/2014 11:52 AM, Billy Crook wrote: there's the iwlist command. I put together an awk script to columnate the data I cared about, and a cronjob that runs it analyzes it for things i care about (like neighbors using my same or similar network name, same frequencies, etc, and put it in a cronjob to log and email me anomalies. Works pretty well. I can share my script and awk if helpful On Thu, Feb 20, 2014 at 9:43 AM, Tom Bishop bisho...@gmail.com wrote: On Thu, Feb 20, 2014 at 9:39 AM, Joseph Hesse joehe...@gmail.com wrote: Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Thank you, Joe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos There is a really good Android app, WIFI analyzer https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer if you have access to a phone or better yet a tablet. Very nice and allows you to look at all kinds of things, I also know of another one called Wifi Radar for linux but not nears as good. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
On Thu, 20 Feb 2014 15:42:35 -0600 Joseph Hesse wrote: Apparently my hardware is not sufficient. When I run iwlist scan I get: lo p5p1; Interface doesn't support scanning I'm pretty sure you have to run it as root user. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
Thank you to you for the offer. As a learning experience I will try to do it myself. Also, thank you to the user who pointed out that the iwlist command has to be run as root. On 02/20/2014 11:52 AM, Billy Crook wrote: there's the iwlist command. I put together an awk script to columnate the data I cared about, and a cronjob that runs it analyzes it for things i care about (like neighbors using my same or similar network name, same frequencies, etc, and put it in a cronjob to log and email me anomalies. Works pretty well. I can share my script and awk if helpful On Thu, Feb 20, 2014 at 9:43 AM, Tom Bishop bisho...@gmail.com wrote: On Thu, Feb 20, 2014 at 9:39 AM, Joseph Hesse joehe...@gmail.com wrote: Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Thank you, Joe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos There is a really good Android app, WIFI analyzer https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer if you have access to a phone or better yet a tablet. Very nice and allows you to look at all kinds of things, I also know of another one called Wifi Radar for linux but not nears as good. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
Joseph Hesse writes: Apparently my hardware is not sufficient. When I run iwlist scan I get: lo p5p1; Interface doesn't support scanning Is CONFIG_CFG80211_WEXT enabled in the kernel? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitor Wireless Networks OT
On 20/02/14 21:50, Frank Cox wrote: On Thu, 20 Feb 2014 15:42:35 -0600 Joseph Hesse wrote: Apparently my hardware is not sufficient. When I run iwlist scan I get: lo p5p1; Interface doesn't support scanning I'm pretty sure you have to run it as root user. and you normally need to specify the wireless interface that's doing the scanning (e.g, wlan0). So the normal usage would be, as root: iwlist wlan0 scan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos