iwlist wlan0 scan returns incomplete Cell 24???
I'm running BT4 pre on a pen drive (live install) and vmware as well(both tested).
My wifi adapter is a Alfa 36h with r8187 driver
I have at least 30-40 access points in range at all times.
Something strange I have noticed:
when I run, iwlist wlan0 scan
the results are never larger than 24 cells.
and the 24th cell is always cut off (incomplete) i.e.
Never have this cut off issue unless the ap's number higher than 23.Code:Cell 23 - Address: 00:A0:00:00:7D:00 ESSID:"<hidden>" Protocol:IEEE 802.11b Mode:Master Channel:1 Encryption key:on Bit Rates:11 Mb/s Extra: Rates (Mb/s): 1 2 5.5 11 Quality:0 Signal level:0 Noise level:158 Extra: Last beacon: 19ms ago Cell 24 - Address: 00:A0:00:00:7D:00 ESSID:"<hidden>" Protocol:IEEE 802.11b Mode:Master
I have not read any where that iwlist has scan result limitation.
Having read the iwlist man pages, wiki, and the source code,
I know this could be a driver issue, as stated in the man pages.
Could inadequate buffer size be a cause?
I have searched high and low (here and google) for any one else having posted a similar issue with no success.
Can anyone verify or reproduce this issue, I know this is a long shot, But I am hopeful some one here is already aware of this issue.
Any info would be great, as I would like to do some parsing based on the scan results.
thanks.
EDIT: tested thus far.
Tested against airodump, iwlist gives incomplete results. i.e.
37 ap's via airodump and iwlist refuses to properly list anything over Cell 23.
It appears that the wicd manager uses iwlist for generating its ap list, if the ap' number more than 24-25
then wicd manager becomes unstable. Mine freezes up.
Tried limiting the output of iwlist without success (see 2nd & 3rd post).
Checked iwlist.c for a timer, there is not one, thought maybe a timer could cut off the results before the had time to complete.
I am leaning towards a buffer issue as the cause.
"A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee
Just out of interest (as I dont have that many APs my crappy card can pick up) have you tried
to limit the iwlist output to see if that gives more cells ?
For instance ;
Code:iwlist wlan0 scanning | egrep 'Channel|Address|ESSID|Encryption'
The above should give you the info that you would normally find relevant, but not use up as much 'space'
Have no idea whether that makes any difference or not, but possibly interesting to check.
Thanks for the reply Tape, I had not thought of greping the command...
My output:Code:iwlist wlan0 scanning | egrep 'Channel|Address|ESSID|Encryption'
still no luck.Code:Cell 23 - Address: 00:A0:F8:00:00:F2 ESSID:"<hidden>" Channel:11 Encryption key:on Cell 24 - Address: 00:1F:00:00:22:0C ESSID:"H&H"
I am starting to think iwlist has a buffer issue.
"A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee
Have done some googling and cant seem to find much other than what you already stated ; possible driver / buffer
Any chance you could use the output of airodump instead ?
Otherwise have to wait for wiser men to comment !
Can you not scroll up and down in the shell?
If that does not work try using pipe to more or something. That might work.
#command | more or | less
And remember less is more and more is less.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Morning, I can scroll up and down in the shell, but iwlist just stops outputting half way through cell 24. i.e.Originally Posted by archangel.amael
I am shorting the results here and only posting the last two cells.Code:Cell 23 - Address: 00:A0:00:57:00:08 ESSID:"<hidden>" Protocol:IEEE 802.11b Mode:Master Channel:1 Encryption key:on Bit Rates:11 Mb/s Extra: Rates (Mb/s): 1 2 5.5 11 Quality:0 Signal level:0 Noise level:158 Extra: Last beacon: 479ms ago Cell 24 - Address: 00:00:F8:00:00:18 ESSID:"rjjrjg14" Protocol:IEEE 802.11b root@BT4:~#
I will try piping the command and report back. Also, I will try to compare the bytes that get output from several scans. If every scan has the same size in bytes, I think it is safe to assume, that the buffer size is set to small.
May even try increasing the buffer sizes in iwlist.c and recompile it.
Using airodump should work, I guess I could try counting the number of aps it list for comparison.
EDIT: airodump reports 37 ap's, I could use airodump instead of iwlist for my parsing, but my scan time will increase dramatically.
This is a possible work around, thanks TAPE
Thanks Tape and archangel.amael for your time and assistance.
EDIT: just a side note, I believe wicd is using iwlist. If this is the case, it could explain why wicd is freezing up on me.
I am writing my own because wicd freezes and locks up all the time.
Plus, I wanted to have a light weight, fast wifi manager that didn't have many dependencies, a fairly simple task in a bash script.
"A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee
What exactly do you want to accomplish with the iwlist scan results ?
When I was trying to create a list of SSIDs based on airodump results, with a bit of help
(*cough* gitsnik *cough*) came up with the below;
Perhaps you could modify the above on an airodump capture to suit your needs ?Code:grep SSID test.nettxt | egrep -v 'BSSID|SSID [0-9]' | cut -c 18- | sed 's/"//g' | sed 's/ *$//g' | sort -fu > ssid.txt
I am writing a shell script to act as a fast, light, wifi manager. My script currently:
- checks iface state and brings the card up if needed
- parses the iwlist scan results
- checks if user input is valid
- checks if ap selected is encrypted, if so, It looks in the key file for the key. This is done via ap mac address comparison. If no key found, it asks for the key then writes the input key to a file so it can connect the next time automatically, without user input.
- then it makes the connection
I sure could, the only draw back is airodump is slow to produce scan results.
many thanks TAPE.
I will continue to see if I can figure out why iwlist is doing what it is.
EDIT: check first post for a update of my testing.
"A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee
Nothing wrong with what you are doing but it's probably not the best way.
As for iwlist check to make sure you have the latest available version.
It should already be. But at any rate according to Jean the buffer is dynamically set, so that means it will expand and contract according to the information that is received from scan results.
But there is a limit to this considering that one may not know the array size.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Could you recommend a better solution?
I am open to any alternatives.
I believe you are correct here as far as the scanning buffer is concerned.
But he does not use dynamic allocation through out, for example some of the print functions , this could cause some issues. From what I can tell (I'm not an excellent coder), His print_ap_info function uses dynamic allocation, but it does not actually do the printing to the screen. This print_ap_info function is call from print_ap_devices function to do the printing to the screen which does not use dynamic allocation. If the char's stored in the dynamically allocated print_ap_info buffer exceed the buffer size set in the calling print_ap_devices function then you run out of space.
Reference:wireless_tools.rar iwlist.c
Please correct me if I am wrong here.
"A teacher is never a giver of truth; he is a guide, a pointer to the truth that the student must discover for himself." - Bruce Lee
Posting Permissions
