Jump to content
Hak5 Forums
blueteq

Monitoring Unassociated Clients

Recommended Posts

blueteq   

Hi, over the weekend I resurrected an old Mark V Pineapple which had some bad firmware...  in anticipation of the Tetra which is on its way. 

We doing a project for a client where they want to count the number of people in a shopping area by counting the number of devices in range of an AP looking to connect to some SSID. We just need a list of client addresses trying to connect with time and date. The client in an effort to save cost will build reports on the data. 

One of the Tetra features is, Device tracking and alerting so hoping that will do it out of the box. 

We looked at commercial solutions like Euclid but as mentioned ... they don't have a crazy budget. 

Any other ideas would be great. 

Thanks

Share this post


Link to post
Share on other sites
Sebkinne   
29 minutes ago, blueteq said:

Hi, over the weekend I resurrected an old Mark V Pineapple which had some bad firmware...  in anticipation of the Tetra which is on its way. 

We doing a project for a client where they want to count the number of people in a shopping area by counting the number of devices in range of an AP looking to connect to some SSID. We just need a list of client addresses trying to connect with time and date. The client in an effort to save cost will build reports on the data. 

One of the Tetra features is, Device tracking and alerting so hoping that will do it out of the box. 

We looked at commercial solutions like Euclid but as mentioned ... they don't have a crazy budget. 

Any other ideas would be great. 

Thanks

It would be smarter to just enable "Log Probes" in the PineAP module, and then download and parse the PineAP log.

  • Upvote 1

Share this post


Link to post
Share on other sites
blueteq   

Awesome thanks so much Sebkinne, will take a look. Sounds easier than the other option. 

 

And Tetra arrived today!! I am pineappled out! 

Share this post


Link to post
Share on other sites
blueteq   

Just an update, we turned on the project today and it worked great, however the pineap.log only seem to be for the last hour? is this correct? How would I capture a full day activities? 

I assume the log clears itself? Will this help or is there a better way:

tail -f /tmp/pineap.log > ~/capture.log

 

I have posted another questions here about starting and stopping the probe logging here

Which might help with this questions as I don't have physical access anymore. 

 

 

Share this post


Link to post
Share on other sites
blueteq   

Not sure if I edit my last post, but after a full day of scanning we found it logs probe requests for 10min and then stops? Restart fixes it but cannot restart every 10min?

Any ideas. 

Share this post


Link to post
Share on other sites
blueteq   

Hey, 

 

It is the latest that can be installed through the web interface. I someone knows what file have this I can check through ssh.. only access I have at the moment. 

 

UPDATE: Found version in Banner: 2.4.0

Edited by blueteq

Share this post


Link to post
Share on other sites
blueteq   

I have managed to find a work around, not very nice.. but as they say... someone with a little knowledge can be dangerous....

The probe logging started failing after a few minutes, but when I run: 

/usr/bin/pineapple/site_survey 10

The probe requests start coming in again for another few minutes. 

Added this script and to crontab and it runs every 15min kickstarting the probe logging. 

Rebooted now and will monitor it. 

UPDATE: 

So found this in Logread, would it be related: 

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: authenticated

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: associated (aid 1)

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: disassociated

Aug 23 18:00:16 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: authenticated
Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: associated (aid 1)
Aug 23 18:00:15 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: disassociated
Aug 23 18:00:16 Pineapple daemon.info hostapd: wlan0: STA 70:8a:09:21:42:22 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

 

Edited by blueteq
UPDATING to prevent spamming

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×