OpenWrt Forum Archive

Topic: wassup.lua - WAyereless Site SUrveying Program

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

So here's another script for scanning the air. There's a few of them around but they're limited, have issues or I just failed to find them. Maybe someone else will find this one more useful than the others.

DEPENDENCIES
* lua(1) - Lua 5.1 interpreter which, thanks to LuCI, made its way to standard OpenWrt builds
* iwlist(8) - from wireless-tools, based on wext and pretty standard  OR
* iw(8) - nl80211 based utility, common on some newer systems  OR
* libiwinfo - nice abstraction library available in OpenWrt trunk OR
* airport - standard OSX command line utility (see here)

FEATURES
* flexible output coloring for ease of reading
* configurable columns
* configurable sort order
* filtering by ESSID, BSSID, encryption, channel or vendor
* ability to show vendor info (where available)
* detailed statistics
* for more see README

REPOSITORY
https://github.com/koniu/wassup

CHANGELOG
https://github.com/koniu/wassup/commits/master

DIRECT DOWNLOAD
https://github.com/koniu/wassup/raw/master/wassup.lua

SCREENSHOTS
http://ompldr.org/vNmI5bg

BUZZWORDS
site survey, stumbler, shtumbler, netstumbler, scanner, poor man's kismet

(Last edited by koniu on 27 Dec 2010, 11:03)

Added per-AP stats!

This should be handy eg. for testing different wireless cards/antennas and their range.
Or coming up with the best positioning for our router.
Just run wassup.lua -r 1000 for each setup and read avg and loss columns :)

Commit f7db0635.

http://ompldr.org/vNm5oeg

(Last edited by koniu on 21 Dec 2010, 08:56)

Here be candy!

http://ompldr.org/vNm9kMw
wassup -o - obfuscates SSIDs (commit)
wassup -k col1,col2,graph,... - new column graph showing signal changes (commit)
wassup -s col1,col2,col3,... - sort by multiple columns (commit)

As well as:

http://ompldr.org/vNm9jbw
wassup -g col - color rows by matching field content (commit)

http://ompldr.org/vNm9jcQ
wassup -> config section coloring of field contents by pattern  - here the example 'enc' and 's' fields (commit)

(Last edited by koniu on 22 Dec 2010, 15:01)

Mac OSX support added (-m airport) - tested with Snow Leopard (10.6.5). (commit)

http://ompldr.org/vNnFscg

'airport' utility is in OSX default install and needs to be added to the path:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

Thanks go to chopped_pork for testing and the screenshot!

And here's what happens if you leave wassup running for too long:
http://ompldr.org/vNnJzOQ

Executed with the following config file (wassup -C ~/big.conf)

keys = { "essid", "bssid" }
iface = "wlan1"
method = "iw"

columns.vendor  = { format = "%-10s" }
columns.graph   = { format = "%-77s" }

column_order = {"bssid", "ch", "graph", "essid", "sig", 
                "min", "avg", "max", "loss", "enc", "first_seen",
                "last_seen", "tsf", "vendor"}

(Last edited by koniu on 29 Dec 2010, 15:15)

Neat.

But for some reason the «snr» column isn’t the difference of «noise» and «sig». It shows the same noise that «iw survey dump» does.


http://i.imgur.com/0hpIL.png

Also, shouldn’t it be using «iw dev scan passive»?

(Last edited by towolf on 26 Jan 2011, 15:10)

towolf wrote:

But for some reason the «snr» column isn’t the difference of «noise» and «sig». It shows the same noise that «iw survey dump» does.

It looks like you're getting some bogus looking noise stats and the output of "snr" is getting truncated by 1 char (didn't predict it could be 4 chars long ;). What you can do is to create a config file, say - wider.conf with this line:

columns.graph   = { format = "%4s" }

and then invoke wassup -C wider.conf. You can also change the relevant line inside wassup.lua. But then with noise readings like these, I would probably just scrap the "noise" and "snr" columns altogether.

towolf wrote:

Also, shouldn’t it be using «iw dev scan passive»?

Should it? What would be the advantages?

koniu wrote:
towolf wrote:

But for some reason the «snr» column isn’t the difference of «noise» and «sig». It shows the same noise that «iw survey dump» does.

It looks like you're getting some bogus looking noise stats and the output of "snr" is getting truncated by 1 char (didn't predict it could be 4 chars long ;). What you can do is to create a config file, say - wider.conf with this line:

columns.graph   = { format = "%4s" }

and then invoke wassup -C wider.conf. You can also change the relevant line inside wassup.lua. But then with noise readings like these, I would probably just scrap the "noise" and "snr" columns altogether.

Why are you saying the values are bogus? Because noise that low is implausible?

koniu wrote:
towolf wrote:

Also, shouldn’t it be using «iw dev scan passive»?

Should it? What would be the advantages?

It wouldn't use probe requests, so the scan takes longer. In «iw survey dump» you can see that it remains for 133 ms on a channel, probably because 100 ms is the default beacon interval. But some channels are only scanned in passive mode. Check «iw list». Any DFS channels are passive only in ath9k. In Europe you need to use passive to scan 5 GHz APs.

Oh, you’re subtracting wrong.

towolf wrote:

Oh, you’re subtracting wrong.

Uhm, so you suggest it should be abs(signal - noise)?
OK, I found it - will correct as per: http://en.wikipedia.org/wiki/Signal-to- … Definition

towolf wrote:

It wouldn't use probe requests, so the scan takes longer. In «iw survey dump» you can see that it remains for 133 ms on a channel, probably because 100 ms is the default beacon interval. But some channels are only scanned in passive mode. Check «iw list». Any DFS channels are passive only in ath9k. In Europe you need to use passive to scan 5 GHz APs.

As for passive scanning being required by law on certain frequencies this should be taken care of by crda (as seen in «iw list» output) so we don't really need to bother with that.

On the other hand, not flooding the airwaves (or being stealthy) is a good reason to add this functionality. I looked up how other backends do it (notably iwlist where there's no dedicated option for passive scanning) and it seems that this is controlled by the driver (presumably use active scan where available?) so it's out of our hands. If I get some spare time I might have a play with wireshark to see what actually happens.

So - I can add another switch (-p for passive?) that will only have effect when using «iw» backend but I don't think I want to make it default since, as far as I understand it, it would fail to show hidden ESSIDs. Does that sound good?

Thanks for testing by the way - I initially wrote this script for my personal use but was hoping that other people might find it useful/interesting. If you have any other observations or ideas - shoot me :)

I wasn’t sure if the minus was clipped away in the noise field. I looked at the code, but the string matching in Lua is new to me. Lua itself is.

noise: -108, signal: -66. sig-noise = 42. That would be it. Not sure if abs is necessary.


I found your script interesting because I looked at «iw survey dump» output and wanted something more clearly arranged.
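Added example, not part of the original thread or of wassup.lua: one way to get the per-AP SNR discussed above (signal minus noise, both in dBm) by joining the per-channel noise from «iw survey dump» with the per-BSS signal from «iw scan». The sample text is constructed in the shape of iw's output, reusing the -108 / -66 values from the post; the function name and the marker line are made up for this example.

```shell
#!/bin/sh
# Constructed sample in the shape of `iw dev wlan0 survey dump` output.
SURVEY_SAMPLE='Survey data from wlan0
    frequency:            2412 MHz
    noise:                -104 dBm
Survey data from wlan0
    frequency:            2437 MHz [in use]
    noise:                -108 dBm
    channel active time:  133 ms
Survey data from wlan0
    frequency:            2462 MHz'

# Constructed sample in the shape of `iw dev wlan0 scan` output.
SCAN_SAMPLE='BSS 02:00:00:00:00:01(on wlan0)
    freq: 2437
    signal: -66.00 dBm
    SSID: example-a
BSS 02:00:00:00:00:02(on wlan0)
    freq: 2462
    signal: -80.00 dBm
    SSID: example-b'

# snr_table SURVEY_TEXT SCAN_TEXT -> one "bssid freq snr" line per BSS.
# SNR is signal - noise; with both values negative dBm the result is positive.
# A channel with no noise reading in the survey yields "n/a", not a guess.
snr_table() {
    { printf '%s\n' "$1"; echo '@@SCAN@@'; printf '%s\n' "$2"; } | awk '
    function emit() {
        if (bssid == "") return
        if (sig != "" && (freq in noise))
            printf "%s %s %d\n", bssid, freq, sig - noise[freq]
        else
            printf "%s %s n/a\n", bssid, freq
    }
    $0 == "@@SCAN@@"            { scan = 1; next }   # survey above, scan below
    !scan && $1 == "frequency:" { f = int($2) }
    !scan && $1 == "noise:"     { noise[f] = $2 }
    scan && $1 == "BSS"         { emit(); bssid = substr($2, 1, 17); freq = sig = "" }
    scan && $1 == "freq:"       { freq = int($2) }   # int() also accepts "2437.0"
    scan && $1 == "signal:"     { sig = $2 }
    END                         { emit() }'
}

snr_table "$SURVEY_SAMPLE" "$SCAN_SAMPLE"
```

On a live system the two arguments would be the captured output of the two iw commands for the same interface.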

Hello again. I plotted the noise values from iw survey over time. Something doesn’t add up.

Why does noise go «down» when I switch on my microwave in all channels? Should it go up (towards zero)?

http://i.imgur.com/i2eLR.png

Check minute 00:56, microwave oven is next to router.

(Last edited by towolf on 11 Mar 2011, 21:28)

Here’s another plot made with data from looped »iw scan passive« and »iw survey dump« via awk into a text file and then plotted with R:
http://i.imgur.com/BMogD.png
What you see is full tilt 20HT NETIO benchmark on 2.4GHz channel 6. As I read it the plot reflects spectrum spread across the neighboring channels. It’s interesting but I’d love to have a more compact, lean NL80211 based tool for this.

I went and made a live SVG plot based on the concept and code of that old M0n0wall traffic plot. It polls channel utilization data from »iw survey« via cgi script and hops across all channels every 4 seconds (if you make it faster data becomes imprecise and noisy). I use »iw set channel« and monitor mode.

http://i.imgur.com/ln5gO.png

You can see some funny activity patterns in the channel busy and receive fractions.

(Last edited by towolf on 21 Mar 2011, 13:01)

Those are some interesting (and neat) looking graphs :). When I get some spare time I might have a go at adding some per-channel graphing to wassup and bringing its site surveying features up. I am nowadays a bit busy tho so don't hold your breath.

So, I’ve worked on my SVG some more. It’s plotting longer timescales now, because only then patterns emerge. A windowful is 4 hours. Also I’m plotting the interference factor as suggested in the ACS proposal. It’s an interesting combination of noise and busy times. In monitor mode I’m not sending, so I omitted the tx values. The most preferable channel over a moving window average is marked with a star.

http://i.imgur.com/70qIm.png

(Last edited by towolf on 15 Nov 2011, 22:01)

@towolf, could you release your script to the community - bitbucket or github?

Actually yes, I’m planning to do that. Especially now that I’ve gone and made another component using the new spectral scan ability of the ath9k driver. The whole thing pretty much requires a box with an ath9k driver anyway. Also it wouldn’t really satisfactorily work with a wireless box that works as an access point. The plot needs the wireless adapter to hop over channels continuously.

It probably could be made to work with an AP that only hops over channels occasionally though.

Picture relevant:

http://i.imgur.com/VlhAQ1y.png


Still working on this trying to find the proper parameters for scanning and visualization. I also want to make a waterfall that plots the spectral data over time. Together all three would give a good overview over spectrum. The spectral scan gives data for undecodable noise and the survey data gives an overview over decodable traffic.

Hi Towolf.

Where can I find your repository for this tool?


towolf wrote:

Actually yes, I’m planning to do that. Especially now that I’ve gone and made another component using the new spectral scan ability of the ath9k driver. The whole thing pretty much requires a box with an ath9k driver anyway. Also it wouldn’t really satisfactorily work with a wireless box that works as an access point. The plot needs the wireless adapter to hop over channels continuously.

It probably could be made to work with an AP that only hops over channels occasionally though.

Picture relevant:

http://i.imgur.com/VlhAQ1y.png


Still working on this trying to find the proper parameters for scanning and visualization. I also want to make a waterfall that plots the spectral data over time. Together all three would give a good overview over spectrum. The spectral scan gives data for undecodable noise and the survey data gives an overview over decodable traffic.

+1 for any update from towolf.

So am I correct that this tool never became finalized and that there is no way to do a "site survey" with OpenWRT as there is with dd-wrt? I am not a developer or Linux expert but I am able to install and use both software packages and with my OpenWRT travel router I would like to be able to survey the area for signal channels, their strengths, names, open/not etc. Thank you.
