Brannon Dorsey edited this page Mar 22, 2015 · 12 revisions

Filters

var filter = {
    manufacturer: ["00:00:00", "00:00:01"],
    networks: ["xfinitywifi", "home-net"],
    time: {
        to: 1426981365152,
        from: 1426981765152
    }
}

Live Demo!

I've managed to get a live demo going as of this commit. It's:

  1. Configuring a wireless device into monitor mode and hopping channels 1-12 listening for probe requests
  2. Streaming them to data/probes.csv
  3. Setting up a Webserver at localhost:3000
  4. Piping all probes to the web client via socket.io

Furthermore, the client parses the data/probes.csv file that it loads via ajax on $(document).ready in exactly the same way that it parses the probes received via websockets, guaranteeing that its data will remain in sync across page refreshes.

To run this demo you must be running Linux with Node.js version 0.12.x and tshark installed.

git clone https://github.com/brannondorsey/SSIDButterflyCollection.git
cd SSIDButterflyCollection/node
npm install
sudo node server.js --interface=wlan0 # use your own interface

Static Webserver with Node.js

Install Node.js from https://nodejs.org/. Then, from inside the node/ folder, install the Node module dependencies used for this project with the Node Package Manager (npm). To install these dependencies (which are listed in package.json) run:

npm install

Next, start the Webserver with:

node server.js

Your node server should now be statically serving the content from the public folder (../public relative to where you have probably run the node server.js command from).

To view this content visit http://localhost:3000.

JSON Probe Packet Standard

Here is a mock-up standard to represent probe requests as JSON:

{
	"mac": "b4:9f:ea:9c:d6:45",
	"ssid": "My Wifi Network",
	"timestamp": 1410715640579
}


{
	"b4:9f:ea:9c:d6:45": {
		"lastSeen": 1410715640579,
		"timesSeen": 4,
		"knownNetworks":[
			"HOME-NET",
			"Starbucks"
		]
	}
}
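One way to fold records in the first format into the second, per-MAC object, optionally applying the filter object from the Filters section. This is an added example, not code from the SSIDButterflyCollection repository. The names `aggregateProbes` and `matchesFilter`, the reading of `manufacturer` as OUI prefixes, and the reading of `time.from`/`time.to` as epoch milliseconds are assumptions.

```javascript
// Added example; aggregateProbes and matchesFilter are hypothetical names.
const MAC_RE = /^[0-9a-f]{2}(:[0-9a-f]{2}){5}$/;

// True when a probe passes the filter; absent filter fields match everything.
function matchesFilter(probe, filter = {}) {
  const { manufacturer, networks, time } = filter;
  // Assumption: "manufacturer" lists OUI prefixes (first three octets of the MAC).
  if (manufacturer && !manufacturer.some(p => probe.mac.startsWith(p.toLowerCase()))) return false;
  if (networks && !networks.includes(probe.ssid)) return false;
  if (time) {
    // Assumption: from/to are epoch milliseconds, accepted in either order.
    const lo = Math.min(time.from, time.to);
    const hi = Math.max(time.from, time.to);
    if (probe.timestamp < lo || probe.timestamp > hi) return false;
  }
  return true;
}

// Fold single-probe records into the per-MAC summary object.
function aggregateProbes(probes, filter) {
  const devices = {};
  for (const raw of probes) {
    // MAC and SSID come off the air, so treat them as untrusted input.
    const mac = String(raw.mac).toLowerCase();
    if (!MAC_RE.test(mac) || !Number.isFinite(raw.timestamp)) continue;
    const probe = { mac, ssid: String(raw.ssid ?? ""), timestamp: raw.timestamp };
    if (!matchesFilter(probe, filter)) continue;
    if (!devices[mac]) devices[mac] = { lastSeen: 0, timesSeen: 0, knownNetworks: [] };
    const d = devices[mac];
    d.lastSeen = Math.max(d.lastSeen, probe.timestamp);
    d.timesSeen += 1;
    // Broadcast probes carry an empty SSID: count them, but list no network.
    if (probe.ssid && !d.knownNetworks.includes(probe.ssid)) d.knownNetworks.push(probe.ssid);
  }
  return devices;
}

// Constructed sample records (not captured traffic).
const sampleProbes = [
  { mac: "b4:9f:ea:9c:d6:45", ssid: "HOME-NET", timestamp: 1410715610000 },
  { mac: "B4:9F:EA:9C:D6:45", ssid: "Starbucks", timestamp: 1410715620000 },
  { mac: "b4:9f:ea:9c:d6:45", ssid: "", timestamp: 1410715630000 },
  { mac: "b4:9f:ea:9c:d6:45", ssid: "HOME-NET", timestamp: 1410715640579 },
  { mac: "__proto__", ssid: "HOME-NET", timestamp: 1410715641000 }, // malformed, skipped
  { mac: "00:00:01:aa:bb:cc", ssid: "xfinitywifi", timestamp: 1410715650000 },
];
console.log(JSON.stringify(aggregateProbes(sampleProbes), null, 2));
```

The MAC check also keeps a crafted record from being used as an object key such as `__proto__`.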

Receive Probe Requests with Tshark

Make sure that your wireless card is up using ifconfig. If it is not then you can bring it up with:

# sudo ifconfig <device_name> up
sudo ifconfig wlan0 up

Next, set the device in monitor mode:

# sudo iwconfig <device_name> mode monitor
sudo iwconfig wlan0 mode monitor

This should drop your wlan0 device into monitor mode. Now start tshark with a filter to only collect probe requests:

# tshark -i <device_name> -n -I -l subtype probereq [|]
tshark -i wlan0 -n -I -l subtype probereq

Here the -n flag tells tshark to disable network object name resolution (such as hostname, TCP and UDP port names), -I tells tshark to use monitor mode, and the -l flag line-buffers stdout so that each line written represents one packet. More info about tshark here.

You should now receive a stream of probe requests to stdout. You can easily pipe the output of tshark by appending | to the end of the command.