[question] passive scanning

[yajrendrag]

on passive scanning page it says that learning can be sped up by using the android scanner app. what mode do you use it in - scanning or learning?

And I'm assuming that i should make the name of the device on the android scanner the same name as the device name that the scanning computers are learning about - e.g., wifi-XX:XX:XX:XX:XX:XX where XX:XX:XX:XX:XX:XX is the wifi mac address of the phone.

i used learning mode on the android scanner while the scanning computers (i have 2 rpi3's) were in learning mode. It's a little odd - the android scanner crashes (or more accurately, the gui crashes) but as i monitor my mosquitto server, i can still see all of the learning data get published to mqtt. But when i stop learning on the scanning computers and start passive scanning, the results are wrong. i learned 2 rooms as described above, and then went to 1st learned room, and did a force stop on the android scanner app , put the scanning computer back to scan mode, and when monitoring the mosquitto traffic, it's reporting that the phone is in the 2nd learned room. If i shut down passive scanning (sudo kill -9 on the rpi for the find3-cli-scanner) and turn the android scanner on the phone on, the mosquitto data shows the correct room. (& similarly to above, if i leave the passive scanner running on the rpi's and turn on the android scanner on the phone, the android scanner gui will crash, but mosquitto is still showing scanning data from the phone).

Does it sound like i'm doing this correctly? if so, any ideas on what to check on to see what might be going wrong w/ passive scanning?

thx, jay

[schollz]

what mode do you use it in - scanning or learning?

Either mode. Both modes will force the phone to periodically (every 10 seconds) make a probe request to the surrounding routers. This is the type of probe request that is needed for passive scanning. This probe request naturally occurs every minute to 10 minutes depending on phone use, so the app just speeds it up a bit.

I'm assuming that i should make the name of the device on the android scanner the same name as the device name that the scanning computers are learning about - e.g., wifi-XX:XX:XX:XX:XX:XX

Yep, this is correct.

Does it sound like i'm doing this correctly? if so, any ideas on what to check on to see what might be going wrong w/ passive scanning?

I'm not sure - are you actually telling the server that you are doing learning? In passive scanning it doesn't care whether or not the smartphone is "learning" or "tracking" mode. Instead you have to make a POST request to the server to specify, e.g.

$ http POST https://cloud.internalpositioning.com/api/v1/settings/passive \
     family=FAMILY device=wifi-XX:XX:XX:XX:XX:XX location="LOCATION YOU ARE LEARNING"

Please let me know if you have more questions! Your confusion is a bug in my documentation and I'd like to make it more clear for you and everyone else :)

[yajrendrag]

yep - did that command to tell the server am doing learning.

also the command i used on the raspberry pi's to turn on passive scanning is: (my find3-cli-scanner is in /usr/local/bin owned by root:staff. So I sudo -i then cd /usr/local/bin and then issues this command: nohup ./find3-cli-scanner -i wlan1 -device rpi2 -family MYFAMILYNAME -server http://my-find-server-local-IP:8005 -scantime 20 -forever -passive -no-modify&

wlan1 is the interface with the Panda PAU9 external antenna. rpi2 is the hostname i gave this raspberry pi. other one is rpi1. i am running find on port 8005. I changed the window time to 45..

am doing more learning with passive scanning to see if that helps. this time, instead of using the android scanner on the phone, i plugged in the phone (it's a samsung), and turned on a video to keep the screen on. It's learning more quickly (i can watch the number of data points via the dashboard) - but not as fast as using the android scanner. I did this because i began to wonder about fingerprints and scanner source...

So, here's the question.. what is the difference in the fingerprints that the server learns from active scanning by the android scanner vs fingerprints that the passive scanner snoops and passes on to the server?

& if the server database has both fingerprint types for any given device in a given location - does it/can it differentiate between the two types? or can it use either to make a location determination? or does having both types confuse things?

there's about a 30% difference in location probability between active scanning on android and passive scanning in one of the rooms (not sure of the other yet). And this is after deleting all data and starting over.

[yajrendrag]

something just feels like learning via passive scanning isn't working. Learned some more, and the behavior seems like the reported location from scanning is whatever location is last learned.

i'm wondering if my scanning command above is wrong or maybe something about promiscuous mode operation isn't work right or something similar.

iwconfig reports:

pi@rpi2:~ $ iwconfig
wlan1     IEEE 802.11  Mode:Monitor  Frequency:2.432 GHz  Tx-Power=30 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

The phone is connected to a 5G radio (the particular access point i'm connected to has it's 2.4Ghz radio turned off). I mention this because the above output shows a 2.4Ghz frequency... maybe i need to connect to a different network?

[yajrendrag]

started over again and made a few changes - seems to be behaving more as expected. for the most part I only have learned data from passive scanning. (there are a few data points learned by android scanning from the 1st location as it didn't seem that learning via passive scanning was taking to an empty data base. but possibly i just didn't wait long enough for data to show up) i did change the iwconfig to match the network my phone is connected to: sudo iwconfig wlan1 mode Monitor channel 153 i determined my 5GHz network was using channel 153.

so now iwconfig reports:

pi@rpi1:~ $ iwconfig
wlan1     IEEE 802.11  Mode:Monitor  Frequency:5.765 GHz  Tx-Power=30 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

Now after scanning 2 locations, i can move the phone between the 2 rooms and the location shows up properly on the mosquitto topic.

Would still be interested to know answer to question above:

what is the difference in the fingerprints that the server learns from active scanning by the android scanner vs fingerprints that the passive scanner snoops and passes on to the server?

thx, jay

[schollz]

Good, glad you figured it out.

what is the difference in the fingerprints that the server learns from active scanning by the android scanner vs fingerprints that the passive scanner snoops and passes on to the server?

They are mutually exclusive.

Fingerprints that are learned from active scanning are metrics for the distance between a phone and a router/access point.

Fingerprints learned from passive scanning are metrics for the distance between a passive scanner and anything that uses WiFi. In practice passive scanning is "reversed". Passive scanner X,Y,Z determine distances to phones/routers/computers A,B,C. A single passive scanner, X, has signals for A, B, C. In the server these scanners X,Y,Z are pooled together and reversed. Instead of inserting a fingerprint for X with signals to A,B,C, the fingerprint will actually be for A with signals X,Y,Z (similar for B,C).

The only way these would overlap is if you had a passive scanner that was also a router, which is possible but I don't think anyone would normally do this (though I tried).