WiFi and Bluetooth device detection

[frisovv]

Hello all,

I am looking for a affordable way to to WiFi and Bluetooth device detection within some area. There are off the shelf devices that achieve this, for example here: http://www.libelium.com/products/meshlium/. The use case is to gather data on which devices (by MAC address) have been near the measurement point at which times. Typically these things register MAC addresses, a class of device code (e.g. phone, car kit, laptop, etc.) and the signal strength which has some relation to how close the device was to the measurement point.

What I was hoping for is that a Raspberry Pi with Bluetooth and WiFi via USB could achieve the same. As a software developer, I am not much of a hardware person. I haven't used a Raspberry Pi before. I am fluent in a number of programming languages and can work with Linux, though.

Does anyone know of USB devices that would be capable of doing this in combination with a Pi? Keep in mind that I am not interested in connecting with any device, but just want to know which devices are in the area.

Thanks for any advice!

[derelict]

Hi

I'm in the same boat... i have 3 rpi's with cheap bluetooth dongles and a bash script basically l2ping my "predefined" devices.

did you get any further ??

This looks interesting: http://www.cooking-hacks.com/index.php/ ... ry-pi.html but expensive and only for bluetooth

[frisovv]

No, not much progress for me, but haven't spend a lot of time on it.

We are looking at ready made offerings as well. They are expensive, but would get us started for sure, so we can focus on software and getting a demo of what we intend to do working.

When mentioning "predefined" devices, does that mean that the rpi needs to know about your devices in advance? We are looking for something that basically just grabs MAC addresses out of the air for anything that passes.

[mikerr]

For bluetooth the device needs to be in discoverable mode once to get its MAC (don't need to pair though)
but you can later detect it even when not in discoverable mode.

Simple methods are:

Code: Select all

hcitool scan

finds my Samsung Note2:

Code: Select all

12:34:56:78:90:00 GT-N7100

Have a look at my thread here on Bluetooth presence /distance sensing :
http://www.raspberrypi.org/phpBB3/viewt ... 37&t=47466


For WIFI you can periodically do

Code: Select all

sudo iwlist wlan0 scan |egrep  'SSID|Address|Signal'

which will give

Code: Select all

          Cell 01 - Address: C4:3D:C7:3B:12:34
                    Quality=53/70  Signal level=-57 dBm
                    ESSID:"MWR"
          Cell 02 - Address: 2C:B0:5D:FB:67:F6
                    Quality=33/70  Signal level=-77 dBm
                    ESSID:"virginmedia1000829"
          Cell 03 - Address: 5C:7D:5E:B6:69:00
                    Quality=19/70  Signal level=-91 dBm
                    ESSID:"TALKTALK-B668F8"
          Cell 04 - Address: 7C:03:4C:A9:A0:36
                    Quality=19/70  Signal level=-91 dBm
                    ESSID:"SKY9A035"

[Drew]

Ever heard of kismet?
http://kismetwireless.net

It is capable of passively monitoring wifi & logs to files you can use elsewhere.
It's often found pre-installed in security/ pentesting distributions, Kali linux has a version for the RPi
http://www.kali.org/downloads it should have kismet & the correct wifi drivers.

I think kismet can also do bluetooth monitoring, via a plugin but memory will be an issue on the RPi. There will be many other bluetooth logging tools installed in Kali linux. Kismet can also work as a 'drone' for a server, so the pi could return logs to a central kismet server, that could be running snort or other reporting software. It supports GPS logging too (from a gpsd device) so you can output & view logs in Google Earth etc.

You do need a wifi card that can run in monitor mode (iw list will mention the capabilities of connected devices).

Using 'iwlist scan' is an active scan - it relies on devices reporting back (hidden ap's don't reply), kismet simply monitors the data in the air (it will report hidden ap's if they get/send data).

[mikerr]

Using 'iwlist scan' is an active scan - it relies on devices reporting back (hidden ap's don't reply), kismet simply monitors the data in the air (it will report hidden ap's if they get/send data).

Yep, I was posting a simple diy method - if you don't want to go the prepackaged kismet etc route.

[frisovv]

Thanks! I will have a look at kismet. It appears to be capable of what we need.

[MattF]

On the Bluetooth side http://freecode.com/projects/bluelog is rather better than hcitool scan

[Drew]

Kismet is powerful, if you need help with setup I may be able to help a little :)
It may make more sense to run a kismet server on another machine & have the Pi as a drone. It really depends on what you are aiming to achieve.

I think bluelog is also installed in Kali linux (or is in the Kali repositories - just apt-get it).

[frisovv]

I am very short on time lately, but still pursuing this. I plan to buy a rpi tomorrow (found a shop in NL that appears to have model B in stock) and take it from there.

Ultimate goal is to do data collection (MAC addresses) about any device that comes within range of the device, regardless of whether they connect. Ideally I would be able to collect a MAC address, some device type identifier (e.g. is it a phone or a car kit), signal strength and timestamp. I'll go for wifi first and add bluetooth secondly if I can.

@Drew: Do you have any tips on which type / brand of wifi dongle I should go for? I admittedly know too little about wireless network technology (I'm a software guy). If you have any references to an article / post that outlines how to use kismet for this purpose, that'd be great as well.

[Drew]

@Drew: Do you have any tips on which type / brand of wifi dongle I should go for? I admittedly know too little about wireless network technology (I'm a software guy). If you have any references to an article / post that outlines how to use kismet for this purpose, that'd be great as well.

For Kismet I think wifi cards that support monitor mode is suffice. I think it helps to have an antenna socket so you can use directional or more powerful antenna at a later date, but the power usage will mean the Pi needs a USB hub with it's own power supply.
I have an Alfa AWUS036NHA (uses ath9k_htc driver). It works OK with the Pi but sometimes the driver doesn't get loaded at boot, replugging usually fixes it. I think it could be down to my USB hub, it's usually fine if I don't have the ethernet connected. You can certainly find other cards that use a bit less power & still support monitor mode.

I use the aircrack.org compatibility page as a starting point, I suspect some of it may be out of date, it is focused on the aircrack suite which does injection & cracking, so you can ignore those features if you only want monitor mode.
http://aircrack-ng.org/doku.php?id=comp ... ty_drivers

I've seen kismet guides for Arch linux http://cyantific.de/tutorials/archlinux ... -tutorial/ <-- he made a nice case too.
Heres an example using kismet on older 'pwnpi' OS…
https://www.youtube.com/watch?v=RVVaWox ... L6FkEPouGs

I tried Kismet in Rasbian, Arch and Kali linux. Kali is probably easiest because it has all the correct software, drivers and tools you will ever need. You can also run the desktop version in a VM/ live boot incase you want to try something out on a quicker machine or test something to breaking point.

You could probably follow any 'raspberry pi wardriving' guide, just leave out the bits that mention gpsd unless you want to have GPS logging too. If kismet_server is too RAM heavy you can still monitor & parse out the various mac addresses & probe responses via tcpdump or tshark, but kismet is ideal. The manual has a bit of info on low RAM systems.
http://kismetwireless.net/documentation.shtml

[frisovv]

Hi all,

For those still listening, I went with the following setup:
- rpi B
- Belkin USB hub (w/ power supply): http://www.belkin.com/us/p/P-F5U234
- Alfa AWUS AWUS036H + antenna: http://www.amazon.de/dp/B002BFMZR8 (amazon.de link, since that's where I ordered it)

I am not using Kali + Kismet, but the standard raspbian and tshark (apt-get install tshark). This works out of the box. Required drivers are already present. This is not the case with the Kali image, for some reason. The WiFi dongle does work with the standard AMD64 Kali image on a VM, though. Not sure why. Anyway, tshark meets my needs better, as I am not interested in the UI. Just data gathering.


Thanks for all the help!
Friso

[gizmotom]

Hi Friso

Are you sure tshark meets your need? my understanding is that you want to track devices near you? I think with tshark you can only track devices that are already connected to the wifi network? I don't think you can log mobile devices that are not connected to the network, am I wrong?

Thanks,

[frisovv]

my understanding is that you want to track devices near you? I think with tshark you can only track devices that are already connected to the wifi network? I don't think you can log mobile devices that are not connected to the network, am I wrong?
Thanks,

tshark (with the interface in monitoring mode) also captures probing frames, which is what phones send out every now and then, even if not connected to anything. The phone does have to be activated in some way; when the screen is off, it doesn't do anything; as soon as someone activates the phone, it will start probing. This is why many shops and other venues offer free WiFi. People will use it and, as such, become easier to track in the store / place. With the Pi + a simple WiFi dongle that supports monitoring mode, you can quite easily and affordably create such a setup yourself. This is what I was trying to verify.

[mikerr]

Note iphone's tell you a bit more,

they broadcast where they have previously been too:
http://9to5mac.com/2013/01/01/isniff-gp ... -services/

https://github.com/hubert3/iSniff-GPS

[2011dkang1]

[finnisoestela]

2011dkang1 did you ever get it going or get any response from Friso?

[odonnella]

Friso,

Thanks for starting this post. I am looking to do the same thing but for college dining halls. My goal is to install the device you described and then report in real time the congestion in the room. I know we will not get a perfectly accurate amount of people, but I hope it will be close enough.

Was your system able to track bluetooth as well or just wifi probing? If it was able to track both, how did you make sure not to double count the same phone?

Overall, do you think the system you described will be able to report the data in real time or do I need to modify it?

Any other advice per your experience would be helpful!

Thank you!

Adam

[Goodtraxmx]

Hi guys,

3 weeks ago we got broken into and had 7k worth of stuff stolen, most of it my son's birthday and Christmas presents. So it was a massive security wake up call for me as a dad and so I started searching for some monitoring devices. We now have all the traditional stuff but I came across your thread discussing monitoring and logging of devises that come into our wifi range.

Can someone either make me and idiots guide to building one or if I pay build one for me?

Hope to hear from someone soon.

[PangolinPaws]

Hi guys,

3 weeks ago we got broken into and had 7k worth of stuff stolen, most of it my son's birthday and Christmas presents. So it was a massive security wake up call for me as a dad and so I started searching for some monitoring devices. We now have all the traditional stuff but I came across your thread discussing monitoring and logging of devises that come into our wifi range.

Can someone either make me and idiots guide to building one or if I pay build one for me?

Hope to hear from someone soon.

That's pretty harsh, sorry to hear it.

This WiFi thing would let you record all the MAC addresses of the devices that come within range but I don't know how useful that is for security. For example, there's no way (that I know of) to look up & identify a person based on their device's MAC address.

I have messed about with this sort of thing a bit and I did half-finish a project. Some if the stuff I found might be of interest:

viewtopic.php?f=41&t=87807

[kolloni]

Hey,

I already googled but I could not find any answer for it.
Is it possible to get the signal strengh of the device which sends out a probe frame?

Thanks

[badger13]

Hi all,

For those still listening, I went with the following setup:
- rpi B
- Belkin USB hub (w/ power supply): http://www.belkin.com/us/p/P-F5U234
- Alfa AWUS AWUS036H + antenna: http://www.amazon.de/dp/B002BFMZR8 (amazon.de link, since that's where I ordered it)

I am not using Kali + Kismet, but the standard raspbian and tshark (apt-get install tshark). This works out of the box. Required drivers are already present. This is not the case with the Kali image, for some reason. The WiFi dongle does work with the standard AMD64 Kali image on a VM, though. Not sure why. Anyway, tshark meets my needs better, as I am not interested in the UI. Just data gathering.


Thanks for all the help!
Friso

I know this post is a while after yours, but were you able to have any luck with Bluetooth device detection? I would like to make something exactly like yours with the same exact output, but for Bluetooth detection. Any insight would be much appreciated.

[tonny.vivas]

Hello everyone, I'm new with RPi and tshark. I'm trying to use tshark to see MAC addresses and their rssi or tx power, but can't seem to find the proper field name:
the command I'm using is:
sudo tshark -S -l -i wlan1 -Y 'wlan.fc.type_subtype eq 4' -T fields -E header=y -e frame.time -e wlan.sa -e wlan.sa_resolved -e wlan_mgt.ssid
And I get:
frame.time wlan.sa wlan.sa_resolved wlan_mgt.ssid
Jan 3, 2017 12:25:03.048773000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.069641000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.092482000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.155865000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.362698000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.383152000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.426263000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.496762000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f
Jan 3, 2017 12:25:03.517186000 EST b8:27:eb:1a:d3:2f Raspberr_1a:d3:2f

I've tried: (with no luck)
chan.chan_tx_pow
wlan.dbm_antsignal
wlan.antenna
wlan.normrssi_antsignal
wlan.rawrssi_antsignal
wlan.signal_strength
wlancap.dbm_antsignal
wlancap.ssi_signal

Could anyone help me out?

[jjmeseguer]

Hi
I'm doing it with:
sudo tshark -l -i wlan0 -o gui.column.format:'"MAC", "%uhs","RSSI", "%e"'
But if you are on a Raspberry Pi 3 and using the builtin wifi, you'll need to install nexmon (https://github.com/seemoo-lab/nexmon) in order to put it in monitor mode.
Regards.

[bansp]

I am a novice about RPI and related programming. I need to design a project that could tell me the location of Bluetooth and WiFi devices. The discussion here I find very interesting but being a novice, cannot make anything out of it. Can anybody suggest/guide me to accomplish my project?