Linux Format

Wi-Fi scanning

Stuart Burns reveals how to set up a Raspberry Pi 3 to scan and map networks on the go, for fun and for profit. It’s a win-win situation!

Stuart Burns sets up a Raspberry Pi 3 to scan and map local networks on the go, both for fun and for profit. It’s a win-win situation!

One of the great things about the Raspberry Pi is that it’s so portable and small. To illustrate that fact while doing something interestin­g, this tutorial will reveal how to configure a Pi 3 to run from a car cigarette lighter while enabling the driver to collect Wi-Fi location and other data using a USB GPS and an external USB Wi-Fi module. We’ll then explain how to map this data in Google Maps.

Start off by downloadin­g the Raspian Lite Image file from www.raspberryp­i.org/downloads/raspbian. Download the zip file and unzip it. Ensure that only the image file is extracted. There should only be one file ending in .img at this point. Use Etcher to write out the image (downloadab­le from www.etcher.io). Insert the Micro SD card and open Etcher. First select the destinatio­n card and then click Start. It’ll take several minutes to write and verify the image.

Once complete, unmount the Micro SD card, then remove and reinsert it. Mount it as a fat32 disk. At this point there should be a /boot partition mounted. To enable remote access create an empty file called ssh in the boot folder. Do this by using this command: touch /media/boot/ssh

At this point unmount the card and place it in the Pi, and then turn on the power.

By default, the password for logging into the Raspberry is “raspberry”. The first item to sort is to enable the Pi to boot without the HDMI cable being plugged in. You’ll need to log in to the Pi directly. Do this by editing the config file /boot/ config.txt ( sudo nano /boot/config.txt )

Locate the line with hdmi_force_hotplug=1 and uncomment it, then save on exit. It’s best practice to update the Pi’s software.

Totally wired

To set up remote access, the next step is to establish the wired Ethernet connection to install all the packages that this project requires. If you’re pushed for time it’s possible to use the onboard Wi-Fi, but later on the onboard Wi-Fi is used to connect directly to the Pi so it’ll need to be reconfigur­ed if you use wireless. Change the wired network configurat­ion by using this command: sudo nano /etc/network/interfaces

Locate and change the eth0 setting to a local network address using the lines below, substituti­ng your IP addresses for the ones listed. auto eth0 iface eth0 inet static address 10.0.0.177 netmask 255.255.255.0 gateway 10.0.0.254 dns-nameserver­s 8.8.8.8 If you’ve not already done so, plug in the cable. Make the changes live using the command: sudo service networking restart

Check the IP address is working by using the ifconfig eth0 to make sure the changes have taken. Raspian provides a tool for managing the Pi, raspi-config. This has several applicatio­ns above and beyond updating. To use it run the following command: sudo raspi-config

Select option 8 (update). While in raspiconfi­g set a new password and hostname if desired by using the appropriat­e options. When finished just move to the finish button and press enter. A reboot may be required at this point. If so, just reboot and reconnect using SSH as done above.

Now comes the interestin­g bits such as configurin­g the GPS and USB Wi-Fi. Plug in the GPS receiver. After a few seconds it should have registered. To check that it can properly be seen, use this command: sudo lsusb

This should show the GPS device as being listed (for this tutorial the device is shown as a U-blox AG). If you’re not sure, remove the device and repeat the command above, comparing the out result. For the GPS device to work it needs to seen as a serial device. To see which device has been registered use the following command: sudo dmesg | grep -i usb With our current setup the device shows up as ttyACM0: cdc_acm 1-1.2:1.0: ttyACM0: USB ACM device. To check the correct device is being received, use this command to output the GPS data to the console. sudo cat /dev/ttyACM0

There are several ways to view the GPS data, including a command called gpsd . It has a few dependanci­es, some of which are shared with the Kismet Wi-Fi scanner. First, install the following dependanci­es: sudo apt-get install -y screen gpsd libncurses­5-dev libpcapdev tcpdump libnl-dev gpsd-clients python-gps ntp There are several options that need to be set for the GPS service to run properly. Edit the /etc/default/gpsd file (sudo nano /etc/default/gpsd) and modify the file in line with what’s shown below. Some of the comment lines have been moved for berevity... START_DAEMON="true” USBAUTO="true” DEVICES="/dev/ttyACM0” GPSD_OPTIONS="-n” GPSD_SOCKET="/var/run/gpsd.sock” To turn on GPS location on boot use the command sudo

systemctl enable gpsd.socket . To check it’s working as expected the reader can use the command cgps . This should show a nice formatted console screen with a lot of GPS data, including your current co-ordinates and height above sea-level. Use Ctrl+C to exit it. If it looks like it’s not working we’d advise checking the service is running as a first point (and potentiall­y carry out a reboot if it’s problemati­c). Use the command systemctl status gpsd . In addition, if the GPS doesn’t pick up any co-ordinates, hang the GPS out the window. We found that double glazing stops the signal getting in!

Tweak the interface

At this point it’s a good time to configure the WLAN1 Wi-Fi interface. First, ensure that the new controller can be seen by using the lsusb command by using the same lsusb command that was used earlier. Unfortunat­ely, the out-ofthe-box Wi-Fi built into the Pi 3 doesn’t currently work for our purposes because it doesn’t support Monitor mode. For more on this see the box out ( overthepag­e) on why this is the case.

It should be noted that Monitor mode does just that. It monitors the network and never actually connects to any wireless networks − nor is it able to! Next, you need to install the Kismet software. This is the Wi-Fi scanning tool that we’ll be using. Kismet has to be built from source, it can’t just be installed because it’s not available in the repos or a package. We’re using the latest release of this writing. Follow the commands below to download and install Kismet:

wget http://www.kismetwire­less.net/code/kismet-201607-R1.tar.xz tar -xvf kismet-2016-07-R1.tar.xz cd kismet-2016-07-R1/ make dep sudo make install The whole process will take a long time (30 minutes or more potentiall­y) as it builds all the programs from source code. It can be compiled to run without using root, but that is

beyond this introducto­ry project. There will be a lot of warnings, but that is nothing to worry about. Eventually the system will return to the command prompt. Kismet can take command line arguments, but in this scenario the article uses the kismet configurat­ion file. The only item to be set is the interface to use. Edit the kismet conf file sudo nano /usr/local/etc/kismet.conf

Uncomment the line that reads ncsource=wlan0 and also change wlan0 to wlan1. It’s now possible to run Kismet and it’ll detect all the various local network points and their geolocatio­ns. While it’s not advisable to run Kismet as root, for our purposes it’s fine. Run it by using the command sudo

kismet . This will load the Kismet GUI and ask several questions. It’s possible to use Tab to navigate around.

The best startup procedure is to leave the settings in place. When asked if it’s desired to connect to the Kismet server, make sure you press Yes. The console log should hopefully start showing all the networks that it can currently locate. Behind the scenes the Kismet server also creates several groups of log files. Assuming the test run goes as expected and there are log files in /home/pi it’s time to shut down the Pi and do it for real. To exit Kismet, use Ctrl+C.

Access for all

The last big configurat­ion item is setting up the wlan1 to be an access point. These configurat­ion steps are based on the official raspberry Pi guide ( www.raspberryp­i.org/ documentat­ion/configurat­ion/wireless/access-point.md) This means that your laptop can see and connect to the Pi without having to worry about IP addresses. To set up this configurat­ion there are two items of software that are needed: dnsmasq and hostapd. Again, install them with: sudo apt-get install -y dnsmasq hostapd

The dnsmasq takes care of the DHCP angle while the hostapd provides the items needed to configure the wireless

access point. First, we need to change the way wlan0 works. Edit the DHCP configurat­ion file ( sudo nano /etc/dhcpcd.

conf) and add the following entry to the bottom of the configurat­ion file: denyinterf­aces wlan0

You’ll also need to set up the interfaces configurat­ion for wlano. Just like was done earlier to set a static IP address for the wired network, the same needs to be for the wlan0 interface. Edit it to use the following ( sudo nano /etc/ network/interfaces) allow-hotplug wlan0 iface wlan0 inet static address 172.16.0.1 netmask 255.255.255.0 network 172.16.0.0

Once set up, save the changes and exit. Restart the services as detailed below. If you’re not using a wired connection then the interface restart would cause issues. It’s better to do a restart (sudo reboot now) sudo service dhcpcd restart sudo ifdown wlan0 sudo ifup wlan0

Configure the DNS settings by editing the dnsmasq file ( sudo nano /etc/dnsmasq.conf) and add the interface details as shown below:

interface=wlan0 # Use the require wireless interface - usually wlan0 dhcp-range=172.16.0.2,172.16.0.20,255.255.255.0,24h Finally, set up the AP configurat­ion file ( sudo nano /etc/ hostapd/hostapd.conf), adding in the items show below: interface=wlan0 driver=nl80211 ssid=MyNetwork hw_mode=g channel=7

wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=MyPassword wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP Edit the hostapd file and edit the DAEMON_CONF line to relect the one below ( sudo nano /etc/default/hostapd): DAEMON_CONF="/etc/hostapd/hostapd.conf” Turning on the services at boot is achieved by using the following code: sudo service hostapd start sudo service dnsmasq start Restart the service to instigate the changes: sudo service ntp restart

To test the environmen­t shut down the Pi and remove the Ethernet cable and HDMI cable. Power it up, connect to the newly created AP and from your laptop access a remote shell into the AP point. Shutdown and then place the Pi in your car. Be aware that the Pi may not boot properly if there’s insufficie­nt power. It may look powered on but it doesn’t fully boot. Check power requiremen­ts before doing anything. At a push you can power it from your laptop’s USB port. External battery packs are a possible option, too − be sure to read the manual, to ensure that it can provide enough power. Assuming the Pi has powered up and you can access it via

ssh , run the Kismet applicatio­n using ssh pi@192.168.0.1 sudo kismet Follow the earlier routine to access the Kismet console.

Go for a short drive and then come back. All the data will have been collected automatica­lly and placed in files within the /home/pi folder. Use the laptop to gracefully shut down the Pi using the command sudo shutdown -h now . These files contain GPS data and Wi-Fi base station data, but are currently not in a format Google Maps can understand. To do the conversion we’re going to use a script by Scott Helme to convert it into a mapping file. To do this use the command: wget https://gist.githubuser­content.com/ScottHelme/5c6869e 17c3e9c8b2­034dc8fc13­e180b/raw/31c2d34f66­748b6bd264­15f d7d120c06b­3d92eaf/netxml2kml.py -O netxml2kml.py (1) To create the mapping file run the command: cd /home/pi python netxml2kml.py --kml -o output *xml It may take a minute or two, but will eventually deliver a summary of the Wi-Fi base stations found. (1) wget http://bit.ly/LXF230netx­ml -O netxml2kml.py

Obviously, the data is still on the Pi 3 so it needs to be copied across. Copy the file using scp to your local PC substituti­ng values as needed. Use the following command to copy the data across from the Pi: scp /home/pi/*.xml myuser@myworkstat­ion:/home/myuser

At this point the data file should be in the current directory from which the command was run. The final step is to import the xml file into Google Maps ( https://www.google.com/

maps/d/home). Select Create New Map. Add a layer. This will show a window that will enable the user to add the newly created file. This could potentiall­y take several minutes to complete. Once done the reader should see all those Wi-Fi spots mapped, alongside various details of the protocols supported and other interestin­g items.

Create the raw Google Map. To import the data select Add New Layer. Follow up by clicking Import. Drag in the saved file. It’ll take a moment to upload and import the data. Once completed the map will show the location, Wi-Fi station name, encryption schemes and other data.

We hope that this guide has been useful. There are many other additions and configurat­ions that can be applied upon the foundation of this fun project, but that’s for the reader to experiment with. But let us know how you get on − this is your chance to inspire the Raspberry Pi community! LXF