sensepost / snoopy-ng

Snoopy v2.0 - modular digital terrestrial tracking framework

Not scanning across wifi channels #30

Closed jimbonet closed 9 years ago

jimbonet commented 9 years ago

I am running the 1.09 Kali image on a Raspberry Pi with an Alfa AWUS051NH (dual-band) and have found that I only appear to detect APs and clients on one channel. When I run Kismet or a wifi analyser on another device I detect lots more APs/clients in the same location. I have tried wifi:mon=True and False and also tried placing the Alfa into monitor mode before running snoopy, but still no joy.

It seems like snoopy locks on one channel when it runs rather than hopping. I have run airodump-ng on the same Pi and it scans all the channels, so I do think it's a driver issue.

Any thoughts?

note: I had to comment out mitmproxy in install.sh and remove the mitmproxy.py to compile without errors

esvanoe commented 9 years ago

Try running airodump-ng before you start snoopy to force the adapter to hop channels?

jimbonet commented 9 years ago

Cheers, what I have found that seems to work so far is:

  1. Install screen using: apt-get install screen
  2. Create mon0 and mon1 interfaces by running command airmon-ng start wlan0 twice.
  3. start a new screen for airodump: screen -dmS airodump
  4. jump to that screen using: screen -r airodump
  5. start airodump-ng running: airodump-ng mon1
  6. go back to main terminal using: Ctrl-A then D
  7. start a new screen for snoopy: screen -dmS snoopy
  8. jump to that screen using: screen -r snoopy
  9. now start snoopy: snoopy -v -m wifi:iface=mon0,mon=False -d TEST -l HOME
  10. go back to main terminal using: Ctrl-A then D

Now I seem to be detecting all APs and clients, but only if airodump is running at the same time! Bit of a pain and probably pushing the poor Pi to its limits, but at least it's working!!

esvanoe commented 9 years ago

I am pretty sure if you specify iface=mon0 you can skip mon=False, that is how I run mine, without issue.

You might also be able to run both airodump-ng and snoopy on mon0. I think I had this work in the past, but I could be mistaken.

Glad it is working though!

7109node commented 9 years ago

Esvanoe is correct. The easiest way I have found is to start airodump-ng as a startup service in init.d with the appropriate headers. Then have the snoopy call in rc.local as normal using iface=mon0. This works since you already specified mon0 during the airodump startup script.

I use this setup on my pi B+ and it works flawlessly.

th36r1m commented 9 years ago

This may sound silly, but make sure you aren't connected to a wireless network on your 'wlan' interface when you put the card into monitor mode. I'm running 1.0.9 using my alfa card using 'wifi:mon=True' with no problem, and I don't start anything extra at start up. If you are connected, then your card will only scan that particular channel.

glennzw commented 9 years ago

Keep in mind 'mon=True' will just run 'airmon-ng', note the first available adapter, and run 'airmon-ng start wlanXX'. Snoopy then listens on whatever monitor interface is returned. You could run the airmon-ng commands yourself, then run with 'iface=monX'.

You're right on the channel hopping. I was trying to figure out an elegant way to hop, but backgrounding airodump is the solution for now. So, in summary:

snoopy -l home -d myDrone -m wifi:mon=True -v & airodump-ng mon0

or

airmon-ng start wlan0 && airmon-ng check kill && snoopy -l home -d myDrone -m wifi:iface=mon0 -v & airodump-ng mon0

I might add an option to the wifi plugin to background airodump for us.
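The workaround jimbonet lists above (airodump-ng in the background as a channel hopper, snoopy on the monitor interface) and glennzw's one-line summary both leave the same gap: nothing confirms the interface is actually hopping before snoopy starts. The script below is an added example, not code from the snoopy-ng project or from anyone in this thread. It assumes airmon-ng, airodump-ng, iw and snoopy are on PATH; the airmon-ng and iw output formats it parses are the ones those tools print, and the sample outputs used to exercise the parsers are constructed. The `mon_iface_from_airmon` helper mirrors what glennzw says `mon=True` does (read the monitor interface name back from airmon-ng), and `verify_hopping` samples the interface's channel a few times so a card that is stuck on one channel, as in the original report, is reported before any data is collected.

```shell
#!/bin/sh
# Added example (not from the snoopy-ng project): run airodump-ng in the
# background as a channel hopper, start snoopy on the resulting monitor
# interface, and confirm the interface is actually changing channel first.
# Assumes aircrack-ng (airmon-ng, airodump-ng), iw and snoopy are on PATH.
set -u

# Pull the monitor interface name out of airmon-ng's output. Accepts both the
# older "(monitor mode enabled on mon0)" line and the newer
# "(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)".
mon_iface_from_airmon() {
    printf '%s\n' "$1" |
        sed -n 's/.*monitor mode[^)]*on \(\[[^]]*\]\)\{0,1\}\([A-Za-z0-9][A-Za-z0-9]*\)).*/\2/p' |
        head -n 1
}

# Extract the current channel number from "iw dev <iface> info" output.
channel_from_iw_info() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*channel \([0-9][0-9]*\) .*/\1/p'
}

# Count distinct non-empty lines on stdin (how many channels were seen).
distinct_count() {
    sort -u | grep -c .
}

# Sample the interface's channel a few times; succeed only if it moved.
verify_hopping() {
    iface=$1; samples=${2:-10}
    i=0
    while [ "$i" -lt "$samples" ]; do
        channel_from_iw_info "$(iw dev "$iface" info)"
        sleep 1
        i=$((i + 1))
    done | distinct_count | { read -r n; [ "${n:-0}" -gt 1 ]; }
}

start_hopper() {
    # airodump-ng hops channels by default; only that side effect is wanted,
    # so its own output is discarded.
    airodump-ng "$1" >/dev/null 2>&1 &
    HOPPER_PID=$!
    # Stop the hopper when this script exits so the interface is not left busy.
    trap 'kill "$HOPPER_PID" 2>/dev/null' EXIT INT TERM
}

main() {
    base_iface=${1:-wlan0}; drone=${2:-TEST}; location=${3:-HOME}
    # As th36r1m notes, a wlan interface still associated to a network stays
    # on that network's channel; "airmon-ng check kill" stops the managers
    # that would keep it associated.
    airmon-ng check kill >/dev/null 2>&1 || true
    mon=$(mon_iface_from_airmon "$(airmon-ng start "$base_iface")")
    [ -n "$mon" ] || { echo "could not determine monitor interface" >&2; exit 1; }
    start_hopper "$mon"
    if verify_hopping "$mon"; then
        echo "$mon is hopping; starting snoopy" >&2
    else
        echo "$mon stayed on one channel; snoopy will only see that channel" >&2
    fi
    # iface=<mon> makes snoopy use the interface as-is, so mon=False is not needed.
    snoopy -v -m "wifi:iface=$mon" -d "$drone" -l "$location"
}

# Only launch when explicitly requested (RUN_HOPPER=1 ./hopper.sh wlan0), so
# the helper functions can be sourced and tested without touching an interface.
if [ "${RUN_HOPPER:-0}" = 1 ]; then
    main "$@"
fi
```

Run it as `RUN_HOPPER=1 ./hopper.sh wlan0 myDrone home`; the trap means Ctrl-C also takes the background airodump-ng down with it, which the screen-based procedure does not do. If `verify_hopping` reports a single channel, the monitor interface is in the state the original report describes, and the capture is only covering that channel.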