Thread: iwlist wlan0 scan returns incomplete Cell 24???

  1. #1
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default iwlist wlan0 scan returns incomplete Cell 24???

    I'm running BT4 pre on a pen drive (live install) and VMware as well (both tested).
    My wifi adapter is an Alfa 36h with the r8187 driver.
    I have at least 30-40 access points in range at all times.

    Something strange I have noticed:
    when I run, iwlist wlan0 scan
    the results are never larger than 24 cells.
    and the 24th cell is always cut off (incomplete) i.e.
    Code:
              
              Cell 23 - Address: 00:A0:00:00:7D:00
                        ESSID:"<hidden>"
                        Protocol:IEEE 802.11b
                        Mode:Master
                        Channel:1
                        Encryption key:on
                        Bit Rates:11 Mb/s
                        Extra: Rates (Mb/s): 1 2 5.5 11
                        Quality:0  Signal level:0  Noise level:158
                        Extra: Last beacon: 19ms ago
    
              Cell 24 - Address: 00:A0:00:00:7D:00
                        ESSID:"<hidden>"
                        Protocol:IEEE 802.11b
                        Mode:Master
    I never have this cut-off issue unless the APs number higher than 23.
    I have not read anywhere that iwlist has a scan result limitation.

    Having read the iwlist man pages, wiki, and the source code,
    I know this could be a driver issue, as stated in the man pages.
    Could inadequate buffer size be a cause?

    I have searched high and low (here and Google) for anyone else having posted a similar issue, with no success.

    Can anyone verify or reproduce this issue? I know this is a long shot, but I am hopeful someone here is already aware of this issue.

    Any info would be great, as I would like to do some parsing based on the scan results.

    thanks.

    EDIT: tested thus far.
    Tested against airodump, iwlist gives incomplete results, i.e.
    37 APs via airodump and iwlist refuses to properly list anything over Cell 23.

    It appears that the wicd manager uses iwlist for generating its AP list; if the APs number more than 24-25
    then wicd manager becomes unstable. Mine freezes up.

    Tried limiting the output of iwlist without success (see 2nd & 3rd post).

    Checked iwlist.c for a timer, there is not one; thought maybe a timer could cut off the results before they had time to complete.

    I am leaning towards a buffer issue as the cause.
    "A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee

  2. #2
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default

    Just out of interest (as I don't have that many APs my crappy card can pick up) have you tried
    to limit the iwlist output to see if that gives more cells?

    For instance:

    Code:
    iwlist wlan0 scanning | egrep 'Channel|Address|ESSID|Encryption'

    The above should give you the info that you would normally find relevant, but not use up as much 'space'.

    Have no idea whether that makes any difference or not, but possibly interesting to check.

  3. #3
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    Thanks for the reply Tape, I had not thought of grepping the command...
    Code:
    iwlist wlan0 scanning | egrep 'Channel|Address|ESSID|Encryption'
    My output:
    Code:
              Cell 23 - Address: 00:A0:F8:00:00:F2
                        ESSID:"<hidden>"
                        Channel:11
                        Encryption key:on
              Cell 24 - Address: 00:1F:00:00:22:0C
                        ESSID:"H&H"
    still no luck.
    I am starting to think iwlist has a buffer issue.

  4. #4
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default

    Have done some googling and can't seem to find much other than what you already stated: possible driver / buffer

    Any chance you could use the output of airodump instead?

    Otherwise have to wait for wiser men to comment!

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Can you not scroll up and down in the shell?
    If that does not work try using pipe to more or something. That might work.
    #command | more or | less

    And remember less is more and more is less.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    Quote (originally posted by archangel.amael):
    Can you not scroll up and down in the shell?
    If that does not work try using pipe to more or something. That might work.
    #command | more or | less

    And remember less is more and more is less.

    Morning, I can scroll up and down in the shell, but iwlist just stops outputting halfway through cell 24, i.e.
    Code:
              Cell 23 - Address: 00:A0:00:57:00:08
                        ESSID:"<hidden>"
                        Protocol:IEEE 802.11b
                        Mode:Master
                        Channel:1
                        Encryption key:on
                        Bit Rates:11 Mb/s
                        Extra: Rates (Mb/s): 1 2 5.5 11
                        Quality:0  Signal level:0  Noise level:158
                        Extra: Last beacon: 479ms ago
              Cell 24 - Address: 00:00:F8:00:00:18
                        ESSID:"rjjrjg14"
                        Protocol:IEEE 802.11b
    
    root@BT4:~#
    I am shortening the results here and only posting the last two cells.

    I will try piping the command and report back. Also, I will try to compare the bytes that get output from several scans. If every scan has the same size in bytes, I think it is safe to assume that the buffer size is set too small.
    May even try increasing the buffer sizes in iwlist.c and recompile it.

    Quote (originally posted by =TAPE=):
    Any chance you could use the output of airodump instead ?

    Using airodump should work, I guess I could try counting the number of APs it lists for comparison.
    EDIT: airodump reports 37 APs, I could use airodump instead of iwlist for my parsing, but my scan time will increase dramatically.
    This is a possible workaround, thanks TAPE.

    Thanks Tape and archangel.amael for your time and assistance.

    EDIT: just a side note, I believe wicd is using iwlist. If this is the case, it could explain why wicd is freezing up on me.
    I am writing my own because wicd freezes and locks up all the time.
    Plus, I wanted to have a lightweight, fast wifi manager that didn't have many dependencies, a fairly simple task in a bash script.

  7. #7
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default

    What exactly do you want to accomplish with the iwlist scan results?

    When I was trying to create a list of SSIDs based on airodump results, with a bit of help
    (*cough* gitsnik *cough*) I came up with the below:


    Code:
    grep SSID test.nettxt | egrep -v 'BSSID|SSID [0-9]' | cut -c 18- | sed 's/"//g' | sed 's/ *$//g' | sort -fu > ssid.txt
    Perhaps you could modify the above on an airodump capture to suit your needs?

  8. #8
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    Quote (originally posted by =TAPE=):
    What exactly do you want to accomplish with the iwlist scan results ?

    I am writing a shell script to act as a fast, light wifi manager. My script currently:

    • checks iface state and brings the card up if needed
    • parses the iwlist scan results
    • checks if user input is valid
    • checks if the AP selected is encrypted; if so, it looks in the key file for the key. This is done via AP MAC address comparison. If no key is found, it asks for the key, then writes the input key to a file so it can connect the next time automatically, without user input.
    • then it makes the connection


    Quote (originally posted by =TAPE=):
    Perhaps you could modify the above on an airodump capture to suit your needs ?

    I sure could, the only drawback is airodump is slow to produce scan results.
    Many thanks, TAPE.

    I will continue to see if I can figure out why iwlist is doing what it is.
    EDIT: check first post for an update of my testing.

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Nothing wrong with what you are doing but it's probably not the best way.

    As for iwlist, check to make sure you have the latest available version.
    It should already be. But at any rate according to Jean the buffer is dynamically set, so that means it will expand and contract according to the information that is received from scan results.
    But there is a limit to this considering that one may not know the array size.
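
An added example, not code posted by anyone in this thread: a parser for the `iwlist` scan layout shown in the posts above that marks a cut-off record such as Cell 24 as incomplete, so a script consuming the results does not act on a partial entry. The function names, output field order and sample addresses are assumptions made for the example.

```shell
# Added example, not code from the thread. Parses the `iwlist <iface> scan`
# layout shown in the posts and marks cells that are missing fields.
# Output per cell (tab-separated): cell, bssid, channel, enc, status, essid.
# The ESSID is set by whoever runs the AP, so it is untrusted text: it goes
# last on the line and the BSSID, not the ESSID, is the lookup key.
parse_iwlist() {
    awk '
    function nz(s) { return (s == "") ? "-" : s }
    function emit(   ok) {
        if (cell == "") return
        ok = (length(bssid) == 17 && bssid ~ /^[0-9A-Fa-f:]+$/ &&
              have_essid && chan != "" && enc != "")
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", cell, nz(bssid), nz(chan), nz(enc),
               (ok ? "ok" : "incomplete"), essid
    }
    $1 == "Cell" {
        emit()
        cell = $2; bssid = ($4 == "Address:") ? $5 : ""
        essid = ""; have_essid = 0; chan = ""; enc = ""
    }
    /^[ \t]*ESSID:".*"[ \t]*$/ {
        essid = $0; have_essid = 1
        sub(/^[ \t]*ESSID:"/, "", essid); sub(/"[ \t]*$/, "", essid)
    }
    $1 ~ /^Channel:[0-9]+$/ { chan = substr($1, 9) }
    $1 == "Encryption" && $2 ~ /^key:(on|off)$/ { enc = substr($2, 5) }
    END { emit() }'
}
# Prints the numbers of incomplete cells; exit status 0 when there are any.
incomplete_cells() {
    parse_iwlist | awk -F '\t' '$5 == "incomplete" { print $1; n++ }
                                END { exit (n ? 0 : 1) }'
}
# Constructed sample in the thread's format; the last cell is cut off.
sample_scan() {
    cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"example-a"
                    Protocol:IEEE 802.11b
                    Channel:1
                    Encryption key:on
          Cell 02 - Address: 02:00:00:00:00:02
                    ESSID:"<hidden>"
                    Protocol:IEEE 802.11b
EOF
}
sample_scan | parse_iwlist
```

A connection script can treat a successful `incomplete_cells` result as a failed scan and rescan or use another source, instead of offering the partial entries for selection.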

  10. #10
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73

    Default

    Quote (originally posted by archangel.amael):
    Nothing wrong with what you are doing but it's probably not the best way.

    Could you recommend a better solution?
    I am open to any alternatives.

    Quote (originally posted by archangel.amael):
    But at any rate according to Jean the buffer is dynamically set, so that means it will expand and contract according to the information that is received from scan results.

    I believe you are correct here as far as the scanning buffer is concerned.
    But he does not use dynamic allocation throughout, for example some of the print functions; this could cause some issues. From what I can tell (I'm not an excellent coder), his print_ap_info function uses dynamic allocation, but it does not actually do the printing to the screen. This print_ap_info function is called from the print_ap_devices function to do the printing to the screen, which does not use dynamic allocation. If the chars stored in the dynamically allocated print_ap_info buffer exceed the buffer size set in the calling print_ap_devices function then you run out of space.
    Reference: wireless_tools.rar iwlist.c
    Please correct me if I am wrong here.
