happy-hamster/raspi-costumer-scanner

Current state

Done:

  • detect and count number of close-by client devices: based on aircrack-ng and scapy
  • send occupancy post request to REST API

Open:

  • Main problem: The wifi interface has to be in monitor mode to sniff for devices, but needs to switch back to managed mode to communicate its results to the backend. A simple solution would be to make some system calls from Python to start and stop monitoring. These system calls require sudo rights, so either a dedicated user with no password required is needed, or a little more subprocess handling. Another cool solution would be to do the monitoring via WIFI and send the requests over another network interface.
  • Major issues:
    • I did not manage to achieve a nice interruption of the sniffing process; it should be moved into a separate thread, see below.
  • Minor issues:
    • move out configuration file
    • create nice argument parsing
    • refactor
    • error handling

Background

Setup headless Raspberry Pi

Requirements

  • Raspberry Pi 3, Model B
  • SD card (at least 4 GB, to hold the Raspbian image)
  • a laptop with internet access

Steps

  1. Download Raspbian here
  2. Flash Raspbian to SD card here
  3. Prepare automatic connection to WIFI and enable SSH here
  4. Insert the SD card into the Raspberry Pi and connect the power supply. There is a red LED, which should turn on. If this red LED blinks, there might be problems with the power supply or the kernel image.
  5. SSH into the Raspberry Pi: ssh pi@<IP>. To find the IP address, get your own IP via hostname -I, then ping all available devices via nmap -sn 192.168.0.1/24, then run sudo arp -a and look for entries starting with b8:27:eb:... (The automatic WIFI connection did not work for me, but connecting to the router via LAN allowed me to connect to the Raspberry Pi.)
  6. To proceed, follow the steps below to set the wireless interface to monitoring mode. Note that the default user pi is already in the sudo group.

Monitoring of wifi capable devices

Switching wlan interface to monitoring mode

In order to monitor all wifi capable devices, the wlan interface of the monitoring device has to be put into a designated monitoring mode.

Worked on my laptop

Installation of airmon-ng via

sudo apt-get install aircrack-ng

Check available interfaces

sudo ifconfig -a
eth0: ...

lo: ...

wlan0: ...

Here wlan0 is the wlan interface.

Check mode of the interface via

sudo iwconfig
wlan0     IEEE 802.11  ESSID:"..."  
          Mode:Managed  Frequency:2.437 GHz  Access Point: ...

Now switch the mode to monitor via (attention: no access to wifi anymore)

sudo airmon-ng start wlan0
PHY	Interface	Driver		Chipset

phy0	wlan0		iwlwifi		Intel Corporation Wireless 8260 (rev 3a)

		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
		(mac80211 station mode vif disabled for [phy0]wlan0)

The monitoring interface is now wlan0mon. Verify via

sudo iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wwp0s20f0u2i12  no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=0 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

To stop the monitoring, run (might take a moment until wifi works again)

sudo airmon-ng stop wlan0mon

Edits for Raspberry Pi

The built-in wireless chip cannot be switched to monitor mode with the canonical driver. An alternative driver is Nexmon.

Resources

Monitoring of packets

With the monitoring device, we can now check the packets sent from other devices. Basically, we can read the contents of a packet to determine whether it is a client request, e.g. from a mobile phone, and retrieve its MAC address, a unique id. With this info, we can determine the number of active wifi devices.

Install scapy

Here with conda

conda create -n raspi-sniff python=3
conda activate raspi-sniff
conda install -c conda-forge scapy

Detect client packets

In the communication protocol between clients and access points (WIFI networks), packets can be either management, control or data frames. The management type packets are used by clients to look for access points, associate to and disassociate from them. At the same time, the management type is used by the access points to reply to searching clients. Via scapy, this information can be obtained by checking the packet type (which frame) and the subtype (which action, client or AP).
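
The type/subtype check described above, as an added example that is not code from this repository: it reads both fields from the raw 802.11 header using only the standard library (in scapy they are the Dot11 fields type, subtype and addr2) and runs on constructed sample frames. It goes one step beyond the text by separating locally administered MACs, which are usually randomized and would inflate a device count; all function names are assumptions.

```python
# Frame type is bits 2-3 and subtype bits 4-7 of the first Frame Control byte.
TYPE_MGMT = 0
# Management subtypes only a client (station) sends; disassociation (10) is
# left out because access points send it too.
CLIENT_SUBTYPES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req"}

def parse_dot11(raw):
    """Return (type, subtype, transmitter MAC) from a raw 802.11 header
    (radiotap header already stripped), or None if it has no addr2."""
    if len(raw) < 16 or raw[0] & 0b11:   # too short, or protocol version != 0
        return None
    ftype, subtype = (raw[0] >> 2) & 0b11, (raw[0] >> 4) & 0b1111
    return ftype, subtype, ":".join(f"{b:02x}" for b in raw[10:16])

def is_randomized(mac):
    """Locally administered bit set: usually a randomized MAC."""
    return bool(int(mac[:2], 16) & 0x02)

def count_clients(frames):
    """Split the client MACs seen in management frames into (stable, randomized)."""
    stable, randomized = set(), set()
    for raw in frames:
        parsed = parse_dot11(raw)
        if parsed is None:
            continue
        ftype, subtype, mac = parsed
        if ftype == TYPE_MGMT and subtype in CLIENT_SUBTYPES:
            (randomized if is_randomized(mac) else stable).add(mac)
    return stable, randomized

def make_frame(ftype, subtype, src_hex):
    """Constructed test header: FC, duration, addr1, addr2, addr3, seq-ctrl."""
    fc0 = (subtype << 4) | (ftype << 2)
    return (bytes([fc0, 0, 0, 0]) + b"\xff" * 6 + bytes.fromhex(src_hex)
            + b"\xff" * 6 + b"\x00\x00")

# Constructed sample capture (no real devices).
SAMPLE = [
    make_frame(0, 4, "b827eb000001"),   # probe request, globally unique MAC
    make_frame(0, 4, "b827eb000001"),   # same client again, counted once
    make_frame(0, 4, "da0000000002"),   # probe request, locally administered MAC
    make_frame(0, 8, "001122334455"),   # beacon from an access point: ignored
    make_frame(0, 5, "001122334455"),   # probe response from an AP: ignored
    make_frame(2, 0, "b827eb000003"),   # data frame: ignored
    b"\xd4\x00\x00\x00" + b"\xff" * 6,  # ACK control frame, no addr2: ignored
]

if __name__ == "__main__":
    stable, randomized = count_clients(SAMPLE)
    print(f"stable: {len(stable)}, randomized: {len(randomized)}")
```

For an occupancy figure, report the stable count and treat the randomized count as an upper bound, since one phone can appear under several randomized addresses.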

TODO: Get sniffing into a separate thread for proper shutdown

https://blog.skyplabs.net/2018/03/01/python-sniffing-inside-a-thread-with-scapy/
