Signal strength for surrounding wifis #133

Closed
RaduNico opened this issue Aug 6, 2020 · 5 comments

@RaduNico

RaduNico commented Aug 6, 2020

Is there a way to display the signal strength for surrounding wifis during do_rcascan?

I am currently trying to make a tool similar to wifite to automate attacks on wifis and I am trying to remove the need for aircrack (in this case airodump-ng) as much as possible.

@ZerBea
Owner

ZerBea commented Aug 6, 2020

No. And it is not planned to add this, because RSSI is a relative, one way value calculated by the firmware.
We are packet oriented. The important value is the HIT count.
count = packets received from the AP
hit = responded packets from the AP
This works in both directions (hcxdumptool -> AP, AP -> hcxdumptool) while RSSI shows only one direction (AP -> airodump-ng).
In other words:
We can have a good RSSI of -70dBm, but the AP doesn't hear us.
We can have a poor RSSI of -90dBm and the AP hears us perfectly.

Read more here:
https://www.metageek.com/training/resources/understanding-rssi.html
https://en.wikipedia.org/wiki/Fresnel_zone
https://en.wikipedia.org/wiki/Reflection_phase_change

If you really need RSSI you can use tshark on hcxdumptool's pcapng file:
$ tshark -r dump.pcapng -T fields -e wlan.sa -e wlan_radio.signal_dbm
hcxdumptool is compatible with tshark and Wireshark default format (pcapng).
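The tshark command above prints one line per frame, so a capture of any size needs aggregating before the numbers are usable. The following is an added example, not part of the thread and not hcxdumptool code: it summarizes that output per transmitter, averaging in milliwatts because dBm is logarithmic. The function name, sample addresses and sample values are constructed for illustration.

```python
import math
import sys
from collections import defaultdict

# Constructed sample of `tshark -T fields -e wlan.sa -e wlan_radio.signal_dbm`
# output: tab-separated source address and signal strength, one frame per line.
SAMPLE = (
    "02:00:00:aa:bb:01\t-70\n"
    "02:00:00:aa:bb:01\t-60\n"
    "02:00:00:aa:bb:02\t-90\n"
    "\t-55\n"                 # frame with no source address (e.g. an ACK)
    "02:00:00:aa:bb:02\t\n"   # frame with no radio metadata
)


def summarize_rssi(lines):
    """Return per-transmitter RSSI stats, strongest mean first."""
    samples = defaultdict(list)
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 2 or not fields[0] or not fields[1]:
            continue  # skip frames missing either column
        try:
            # tshark joins repeated occurrences of a field with commas;
            # take the first value in that case.
            dbm = float(fields[1].split(",")[0])
        except ValueError:
            continue
        samples[fields[0].lower()].append(dbm)

    rows = []
    for sa, vals in samples.items():
        # dBm is logarithmic: convert to mW, average, convert back.
        mean_mw = sum(10 ** (v / 10) for v in vals) / len(vals)
        rows.append({"sa": sa, "frames": len(vals), "min": min(vals),
                     "max": max(vals), "mean": 10 * math.log10(mean_mw)})
    rows.sort(key=lambda r: r["mean"], reverse=True)
    return rows


if __name__ == "__main__":
    # Pipe tshark output in, or run without a pipe to use the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for r in summarize_rssi(source):
        print(f'{r["sa"]}  frames={r["frames"]:<5} min={r["min"]:.0f} '
              f'max={r["max"]:.0f} mean={r["mean"]:.1f} dBm')
```

These figures describe only what the capturing adapter received from each transmitter, which is the one-way limitation described in the comment above.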

@RaduNico
Author

RaduNico commented Aug 6, 2020

Thank you for taking your time to explain your perspective and for the alternative solution.
This solves my issue.

@RaduNico RaduNico closed this as completed Aug 6, 2020
@ZerBea
Owner

ZerBea commented Aug 6, 2020

airodump-ng is a passive dumper. From that point it is fine to sort by the highest RSSI.
hcxdumptool is active. If we don't reach the target, the attack is useless.
You can calculate the ratio counts/hits to get an average value. hcxdumptool --check_injection is doing that, too.

$ sudo hcxdumptool -i wlp3s0f0u2 --check_injection
initialization...
starting packet injection test (that can take up to two minutes)...
packet injection is working!
ratio: 286 to 153 

terminating...

Round about 46,5% packet loss. Not so bad, because hcxdumptool is able to request lost packets.

@ZerBea
Owner

ZerBea commented Jan 3, 2021

By latest commit, I added some new features to rcascan.
Now the ACCESS POINT with the highest hit rate (PROBERESPONSE) is on top of the ranking:
7891101

A new option (rcascan_max) will limit the status of rcascan to n ACCESS POINTs with the highest hit rate:
e1bacb9

@ZerBea
Owner

ZerBea commented Jan 16, 2021

I decided to add RSSI information to rcascan output:

 BSSID          CH RSSI COUNT   HIT ESSID           injection ratio:  45% [18:11:28]
-------------------------------------------------------------------------------------

Sometimes you'll see that you have a low RSSI but many HITs or a high RSSI and fewer HITs.
I strongly recommend directing the antenna by HITs, because you can't trust RSSI.
