监控 WiFi 关联尝试

监控 WiFi 关联尝试

我正在使用 hostapd 创建一个接入点,我想知道是否有任何方法可以让我获取当前或最近的关联尝试的输出。

理想情况下,我希望看到 MAC ID 和任何其他较低级别的信息。我对物理级别的监控更感兴趣,而不是 DHCP。

答案1

在您的 hostapd.conf 中:

# Module bitfield (ORed bitfield of modules that will be logged; -1 = all
# modules):
# bit 0 (1) = IEEE 802.11
# bit 1 (2) = IEEE 802.1X
# bit 2 (4) = RADIUS
# bit 3 (8) = WPA
# bit 4 (16) = driver interface
# bit 5 (32) = IAPP
# bit 6 (64) = MLME
#
# Levels (minimum value for logged events):
#  0 = verbose debugging
#  1 = debugging
#  2 = informational messages
#  3 = notification
#  4 = warning
#
logger_syslog=-1
logger_syslog_level=2

您应该在消息中看到类似这样的日志:

hostapd: wlan0: STA 00:0c:f1:11:57:4e IEEE 802.11: authentication OK (open system) 
 hostapd: wlan0: STA 00:0c:f1:11:57:4e MLME: MLME-AUTHENTICATE.indication(00:0c:f1:11:57:4e, OPEN_SYSTEM)
 hostapd: wlan0: STA 00:0c:f1:11:57:4e MLME: MLME-DELETEKEYS.request(00:0c:f1:11:57:4e) 
 hostapd: wlan0: STA 00:0c:f1:11:57:4e IEEE 802.11: authenticated 
 hostapd: wlan0: STA 00:0c:f1:11:57:4e IEEE 802.11: association OK (aid 1) 
 hostapd: wlan0: STA 00:0c:f1:11:57:4e IEEE 802.11: associated (aid 1)
 hostapd: wlan0: STA 00:0c:f1:11:57:4e MLME: MLME-ASSOCIATE.indication(00:0c:f1:11:57:4e)
 hostapd: wlan0: STA 00:0c:f1:11:57:4e MLME: MLME-DELETEKEYS.request(00:0c:f1:11:57:4e)
 hostapd: wlan0: STA 00:0c:f1:11:57:4e WPA: event 1 notification
 hostapd: wlan0: STA 00:0c:f1:11:57:4e WPA: start authentication
 hostapd: wlan0: STA 00:0c:f1:11:57:4e IEEE 802.1X: unauthorizing port
 hostapd: wlan0: STA 00:0c:f1:11:57:4e WPA: sending 1/4 msg of 4-Way Handshake
 hostapd: wlan0: STA 00:0c:f1:11:57:4e WPA: EAPOL-Key timeout
 hostapd: wlan0: STA 00:0c:f1:11:57:4e WPA: sending 1/4 msg of 4-Way Handshake

答案2

您可以启用控制接口,然后使用内置功能hostapd_cli连接其 UNIX 套接字并发出命令。

hostapd.conf

ctrl_interface=/var/run/hostapd # default path of the socket, can be changed if needed
ctrl_interface_group=wifi # group that will own the socket, can be a name or GID

相关内容