On Thu, Feb 20, 2014 at 3:50 PM, Frank Cox theatre@melvilletheatre.com wrote:
On Thu, 20 Feb 2014 15:42:35 -0600 Joseph Hesse wrote:
Apparently my hardware is not sufficient. When I run "iwlist scan" I get:
lo p5p1; Interface doesn't support scanning
I'm pretty sure you have to run it as root user.
You also have to run it on your wireless nic. p5p1 sounds like a gig-ethernet wired nic. wlp should be your wireless
You might also have to ifup wlan0 or ifconfig wlan0 up to get it to scan. Sometimes if its down, it won't scan.
I thought I might share my scripts anyway. First the awk, then the cronjob.
# cat bin/iwlistparse.awk $1 == "BSS" { MAC = $2 wifi[MAC]["enc"] = "Open" wifi[MAC]["mac"] = $MAC } $1 == "SSID:" { wifi[MAC]["SSID"] = $2 } $1 == "freq:" { wifi[MAC]["freq"] = $NF } $1 == "signal:" { wifi[MAC]["sig"] = $2 " " $3 } $1 == "WPA:" { wifi[MAC]["enc"] = "WPA" } $1 == "WEP:" { wifi[MAC]["enc"] = "WEP" } END { # printf "%s\t\t%s\t%s\t\t%s\n","SSID","Frequency","Signal","Encryption"
for (w in wifi) { printf "%s\t\t%s\t\t%s\t%s\n",wifi[w]["SSID"],wifi[w]["mac"],wifi[w]["freq"],wifi[w]["sig"],wifi[w]["enc"] } }
# cat bin/wlanpatrol #!/bin/bash tstamp="$(date +%Y%m%d%H%M%S)"
#Wirelss is flakey. Retry a 'few' times to get the right number of authorized APs, or any APs at all. sometimes scans just fail iter=0 while [[ "${iter}" -le 60 ]] do iter=$(( ${iter} + 1 )) /sbin/iwlist wlp12s0 scanning 2>&1 | grep -v 'wlp12s0\ \ \ Interface\ doesn'''t\ support\ scanning\ :\ Device\ or\ resource\ busy' > /root/iwlistlogs/${tstamp}
#Replace 00.11.22.33.44.55's with the mac addresses of your authorised APs OurAPCount="$( awk -f /root/bin/iwlist.awk < /root/iwlistlogs/${tstamp} | grep -i -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' | wc -l)" if [[ ! -s "/root/iwlistlogs/${tstamp}" ]] then continue fi
#In our environment, I expect 6 legitimate APs be visible at all times. if [[ ${OurAPCount} -eq 6 ]] then break fi #echo OurAPCountError: ${OurAPCount} found.
sleep 0.1 done
APCount="$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp} | wc -l)"
#Here we check for bits and pieces of our actual company name in the names of all detected APs. Then we ignore the authorized mac addresses, to come upwith a list of APs pretending to be us. RogueAPs="$( awk -f /root/bin/iwlist.awk < /root/iwlistlogs/${tstamp} | \ grep -i -e my -e company -e mc -e myc -e yco -e com -e omp -e mpa -e pan -e any | \ grep -i -v -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' )"
if [[ $OurAPCount != 6 ]] then awk -f /root/bin/iwlist.awk < /root/iwlistlogs/${tstamp} | mail -s "Abnormal number of Our authorized APs: ${OurAPCount}" bcrook@mycompany.com fi
if [[ ! -z "${RogueAPs}" ]] then mail -s "ROGUE APS IN USE" bcrook@OurAPCount.com <<< "${RogueAPs}" fi