Jump to content

Monitoring Unassociated Clients


blueteq
 Share

Recommended Posts

Hi, over the weekend I resurrected an old Mark V Pineapple which had some bad firmware...  in anticipation of the Tetra which is on its way. 

We doing a project for a client where they want to count the number of people in a shopping area by counting the number of devices in range of an AP looking to connect to some SSID. We just need a list of client addresses trying to connect with time and date. The client in an effort to save cost will build reports on the data. 

One of the Tetra features is, Device tracking and alerting so hoping that will do it out of the box. 

We looked at commercial solutions like Euclid but as mentioned ... they don't have a crazy budget. 

Any other ideas would be great. 

Thanks

Link to comment
Share on other sites

29 minutes ago, blueteq said:

Hi, over the weekend I resurrected an old Mark V Pineapple which had some bad firmware...  in anticipation of the Tetra which is on its way. 

We doing a project for a client where they want to count the number of people in a shopping area by counting the number of devices in range of an AP looking to connect to some SSID. We just need a list of client addresses trying to connect with time and date. The client in an effort to save cost will build reports on the data. 

One of the Tetra features is, Device tracking and alerting so hoping that will do it out of the box. 

We looked at commercial solutions like Euclid but as mentioned ... they don't have a crazy budget. 

Any other ideas would be great. 

Thanks

It would be smarter to just enable "Log Probes" in the PineAP module, and then download and parse the PineAP log.

Link to comment
Share on other sites

  • 2 weeks later...

Just an update, we turned on the project today and it worked great, however the pineap.log only seem to be for the last hour? is this correct? How would I capture a full day activities? 

I assume the log clears itself? Will this help or is there a better way:

tail -f /tmp/pineap.log > ~/capture.log

 

I have posted another questions here about starting and stopping the probe logging here

Which might help with this questions as I don't have physical access anymore. 

 

 

Link to comment
Share on other sites

Hey, 

 

It is the latest that can be installed through the web interface. I someone knows what file have this I can check through ssh.. only access I have at the moment. 

 

UPDATE: Found version in Banner: 2.4.0

Edited by blueteq
Link to comment
Share on other sites

I have managed to find a work around, not very nice.. but as they say... someone with a little knowledge can be dangerous....

The probe logging started failing after a few minutes, but when I run: 

/usr/bin/pineapple/site_survey 10

The probe requests start coming in again for another few minutes. 

Added this script and to crontab and it runs every 15min kickstarting the probe logging. 

Rebooted now and will monitor it. 

UPDATE: 

So found this in Logread, would it be related: 

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: authenticated

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: associated (aid 1)

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: disassociated

Aug 23 18:00:16 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: authenticated
Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: associated (aid 1)
Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: disassociated
Aug 23 18:00:16 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

 

Edited by blueteq
UPDATING to prevent spamming
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...