horst
“horst” is a small, lightweight IEEE802.11 wireless LAN analyzer with a text interface. Its basic function is similar to tcpdump, Wireshark or Kismet, but it’s much smaller and shows different, aggregated information which is not easily available from other tools. It is mainly targeted at debugging wireless LANs with a focus on ad-hoc (IBSS) mode in larger mesh networks. It can be useful to get a quick overview of what’s going on on all wireless LAN channels and to identify problems.
- Shows signal (RSSI) values per station
- Calculates channel utilization (“usage”) by adding up the amount of time the packets actually occupy the medium
- “Spectrum Analyzer” shows signal levels and usage per channel
- Graphical packet history, with signal, packet type and physical rate
- Shows all stations per ESSID and the live TSF per node as it is counting
- Detects IBSS “splits” (same ESSID but different BSSID – this is a common driver problem)
- Statistics of packets/bytes per physical rate and per packet type
- Has some support for mesh protocols (OLSR and batman)
- Can filter specific packet types, source addresses or BSSIDs
- Client/server support for monitoring on remote nodes
“horst” is a Linux program and can be used on any wireless LAN monitor interface. The latest version is 4.2 from Oct 1 2014.
Screenshots
Download
- horst-4.2.tar.gz – Stable release version 4.2 (Oct 2014)
- horst-git.tar.gz – Latest development version (usually stable)
Usage notes
With most standard Linux (mac80211) drivers you can use the ‘iw’ command to add a monitor interface while you can continue to use the existing interface:
iw wlan0 interface add mon0 type monitor
Please note that while the main interface (wlan0) is connected, the wifi driver does not allow horst to change the channel because it would disrupt connectivity. This is one of the main FAQ on horst. If you want horst to be able to change channels (horst -s or “channel_scan” option) you need to have only monitor interfaces. This is how to set an existing interface to monitor mode and a specific channel:
iw wlan0 set type monitor
ifconfig wlan0 up
iw wlan0 set channel 6
If you need to use the deprecated WEXT interface, you can put the interface into monitor mode like this:
iwconfig wlan0 mode monitor channel X
After you have your card in monitor mode you can start horst as root:
sudo horst -i mon0
To use the client/server mode to do remote monitoring over the network you can start a server (-q without a user interface) with
horst -i wlan0 -C -q
and connect a client with
horst -c IP
Only one client is allowed at a time.
To go straight into “Spectrum Analyzer” mode (please see the above notes about changing channels) you can start horst with -s:
horst -s
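One way to check for the channel-changing problem described in the notes above before starting horst with -s, as an added example that is not part of horst or its documentation: it reads `iw dev` output and lists the non-monitor interfaces that share a radio with the monitor interface. The function names and the sample `iw dev` listings are constructed for illustration, and the usual `iw dev` layout is assumed.

```shell
#!/bin/sh
# Added example, not part of horst. Assumption: the usual `iw dev` layout
# ("phy#N" header, then "Interface NAME" blocks that contain a "type" line).

# blocking_ifaces MON
#   stdin:  output of `iw dev`
#   stdout: non-monitor interfaces on the same phy as MON, one per line
#   status: 0 = none, horst can change channels on MON
#           1 = at least one, channel changes will be refused
#           2 = MON is not listed, or MON is not of type monitor
blocking_ifaces() {
    awk -v mon="$1" '
        /^phy#/                    { phy = $1; ifc = ""; next }
        $1 == "Interface"          { ifc = $2; phy_of[ifc] = phy; order[++n] = ifc; next }
        $1 == "Unnamed/non-netdev" { ifc = ""; next }   # e.g. P2P-device, ignored
        $1 == "type" && ifc != ""  { type_of[ifc] = $2 }
        END {
            if (!(mon in type_of) || type_of[mon] != "monitor") exit 2
            found = 0
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (phy_of[name] == phy_of[mon] && type_of[name] != "monitor") {
                    print name
                    found = 1
                }
            }
            exit found
        }'
}

# Constructed sample: mon0 was added next to a connected wlan0 on phy#0;
# wlan1 sits on a different radio and does not affect mon0.
sample_shared_phy() {
    cat <<'EOF'
phy#1
    Interface wlan1
        ifindex 4
        type managed
phy#0
    Interface mon0
        ifindex 5
        type monitor
    Interface wlan0
        ifindex 3
        ssid example-net
        type managed
        channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
EOF
}

# Constructed sample: wlan0 itself was switched to monitor mode.
sample_monitor_only() {
    cat <<'EOF'
phy#0
    Interface wlan0
        ifindex 3
        type monitor
EOF
}

# Live use: iw dev | blocking_ifaces mon0
```

A status of 1 means the listed interfaces have to be removed or set to monitor mode before horst -s or the channel_scan option can work.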
Please read the man page for more details about the output and abbreviations. It should be part of your distribution package, but you can also read it locally from the source code directory with:
man -l horst.1
Changelog
Version 4.3 (not yet released!)
- Added support for configuration file
- Renamed command line options: -C is now -N for network server mode, and -c is -n for network client. -c is used for specifying the configuration file now.
- -x multiple commands now have to be separated by “;” instead of “:”
- Support 3 digit channel numbers (upper 5GHz band)
Version 4.2 (1.10.2014)
- Fixed current Usage and thruput status bars
- Added -u option for setting the upper channel limit
Version 4.1 (26.09.2014)
- Removed SNR and Noise, since there is no reliably way to get these on a per-packet basis. Now just work with the Signal (RSSI) values the driver reports, as that’s all we really have.
- Added -D option for full debug output
- Bugfix “signed char” for ARM platforms
- Bugfix for channel flags
- Bugfix for false IBSS split detection for APs
Version 4.0 (01.08.2014)
- Added 802.11n support (MCS rates, packet types)
- Added batman-adv support (v14)
- Added named pipe as control interface (-X -x)
- Added Mode filter option (-m)
- Added Packet filter option (-o)
- Add man page
- Show but otherwise ignore frames with bad FCS
- Show ESSID and WPA status for stations
- WPA and RSN parsing and display
- Improved formatting of main node list
- Review of 802.11-2012 packet types
- Improved Radiotap parsing using radiotap.org library
- Handle SIGTERM and SIGHUP
- Support compilation on Mac OSX
- More robust ESSID string handling
- Fixed parallel building
- Fixed “stack smashing” bug
- Fixed window resizing bug
- Fixed quiet mode (-q)
Development
Please contact me at (br1 at einfach dot org) if you have any problems or questions. New feature ideas, patches and feedback are always welcome. Rudimentary support for Mac OSX and other BSD clones can be achieved by compiling with make PCAP=1, but this is not tested much.
git clone git://br1.einfach.org/horst
Please create GitHub issues or send e-mail for problem reports and support, instead of posting comments below!
But I have one question. What if I have a very large amount of csv file which was generated by Airodump-ng while I was running mon0 on the wifi network. I have done Access Point mapping and collected so many SSID,
Hidden Network etc. Till now I have only found this web based service which will provide us to visualize all the wireless network by category and we can also filter all the mac address, channel, Privacy etc.
I’m only interested in Open Access Point and Hidden APs. Have a look. And please let me know if you know any other services like this:
Here I have shared my sample:- http://bit.ly/1Nbfgm6
In my sample file you can see I have lots of hidden wireless network.
[...] to improve the network. For example, you can build antennas yourself or use tools like Horst to search for optimal locations. Knowledge of the theory and practice of antennas is always [...]
Hello,
Is it possible to enable channel hopping for horst?
Best regards,
(email hidden)
Yes, just use the -s option or hit ‘c’ and ‘a’ (Automatically change channel). With latest git version you can also set the config file option channel_scan.
What’s the appropriate way to enable channel changing with mac802.11 under Linux? If I try to enable channel hopping then I get errors. Both on my iwlwifi on my laptop and with an ar71xx under openWRT barrier breaker.
I can change the channel manually but can’t seem to make horst able to do it.
[...] like to say that horst is a monitor that ranks among the best, but I should probably tone that down just a little, and say [...]
Hi People, I’m a noob but want to learn.
I downloaded the tar.gz file and did “make” without errors.
Now I try to run the command but my linaro box says “-bash: horst: command not found”
What am I doing wrong? I’m in the directory where I did make.
Run it as ./horst. The reason is that “linux” (bash) by default only looks for programs in standard paths, such as /bin/, /usr/bin, /usr/sbin and not in the current working directory. The current directory is indicated by the “./” part of “./horst“. The next thing is that you probably need to run horst as root, so you’d need to run it as “sudo ./horst” where “sudo” says “do it as root”.
That works much better!
Thanks for the help!
It looks great!
I was wondering if my connection is disabled when I put it in monitor mode?
That depends. If you add an interface with “iw wlan0 interface add mon0 type monitor” then your connection will stay active. If you change the mode of your active interface to monitor with “iw wlan0 set type monitor” your connection will be lost and the device is just a passive monitor.
[...] encrypted-text should be gathered to attack on it ( kind of software, e.g. something like horst, but more broad [...]
Hi there
Any hints as to why I cannot compile on OS X 10.10 ?
iMacAlex:horst thomas$ cc -v
Apple LLVM version 6.0 (clang-600.0.54) (based on LLVM 3.5svn)
Target: x86_64-apple-darwin14.0.0
Thread model: posix
iMacAlex:horst thomas$ make PCAP=1
echo '-Wall -Wextra -g -I. -DPCAP' | cmp -s - .buildflags || echo '-Wall -Wextra -g -I. -DPCAP' > .buildflags
cc -o horst main.o capture-pcap.o protocol_parser.o protocol_parser_wlan.o network.o wext.o node.o essid.o channel.o util.o wlan_util.o ieee80211_util.o listsort.o average.o display.o display-main.o display-filter.o display-help.o display-statistics.o display-essid.o display-history.o display-spectrum.o display-channel.o control.o radiotap/radiotap.o -lncurses -lm -lpcap
Undefined symbols for architecture x86_64:
"_channel_find_index_from_freq", referenced from:
_handle_packet in main.o
"_channel_get_chan_from_idx", referenced from:
_handle_packet in main.o
_update_spectrum_win in display-spectrum.o
"_channel_get_current_chan", referenced from:
_update_mini_status in display.o
_update_channel_win in display-channel.o
"_channel_get_struct", referenced from:
_net_send_chan_list in network.o
"_channel_init", referenced from:
_main in main.o
"_channel_set", referenced from:
_net_receive_chan_list in network.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [horst] Error 1
iMacAlex:horst thomas$
Should be fixed now in git…
Dear Horst
What a fantastic tool. Thanks.
Is there any way I can make my own client listening to ‘horst’ on for example port 4444 ? Is this stream documented ?
The reason is that I would like to parse some of the data, without necessarily having a horst in client mode outputting a file stream first.
Thanks again!
Sorry, there is no documentation except the source code. Should be pretty easy though, check network.c struct net_packet_info…
I am running Kali Linux and can’t seem to get Horst running. Does anyone have any step by step instruction? Getting error when using the make command. Thanks.
Perhaps you need to install ncurses-dev or libncurses-dev? What error message are you getting?
This program is really awesome. I appreciate your work and, of course, small is beautiful! I use it on Raspberry, which can probe wifi environment on remote site(s). Then horst client can be run from home workstation… I love it.
Can you update the README with instructions on compiling on Mac OSX?
when I did this
“horst -i mon0 -o file.txt -q ” I’m getting seg fault. It works fine when i did without “-q” option.
It would be great if you can help with this. Thanks
Please try with the latest git version, that one should work.
Thank you. Git version fixed the issue.
[...] at http://br1.einfach.org wrote the little text-based monitor program called horst, which only requires changing the mode of the Wi-Fi card on your Linux machine. Most modern Wi-Fi [...]
i’m about to write simple source like this tool, but i’m a newbie. is there simple script much smaller and easy to understand?
hi,
thank you very much for horst! without it, it’s a pain to adjust antennas properly.
first thing i do on every new mesh device is installing horst!
keep up the good work!
chris
I want to run horst on an OpenWRt router.
# ifconfig wl0 down // run ok
# ifconfig wl0 up // run ok
but
# iw dev wl0 interface add mon0 type monitor
command failed: No such device (-19)
what is wrong with it ?
I update the iw from 2.2 to 3.1 (iw_3.10-1_brcm63xx.ipk), but got same “No such device ”
Could you pls give any clue.
Try:
iw phy0 interface add mon0 type monitor
“iw phy0 interface add mon0 type monitor” does not work.
and i find some clue.
likely the wl0 working with nas ? nas was killed , wireless wifi gone.
root@RutianBox:/dev# ps aux |grep wl0
11819 root 956 S /usr/sbin/nas -P /var/run/nas.wl0.pid -H 34954 -i wl0
where can I find the device name ?
Try:
# iw dev
This will list your available devices.
‘iw’ is a nice and mighty tool. I suggest to read the doc at
http://wireless.kernel.org/en/users/Documentation/iw
b.t.w.: ‘horst’ is a nice tool too. Thank you ‘br1’
If your Wi-Fi interface is down, you cannot make it as monitor mode interface. Make it up and then as monitor mode interface (mon0).
And also after making mon0 as monitor interface, Please make it up “ifconfig mon0 up”.
[...] horst is a small and lightweight wireless LAN analyzer. This tool is able shows different, aggregated information which is not easily available from other tools like kismet or wireshark. [...]
Hello,
I have a Lenovo Thinkpad T520 with a mac80211-compatible WLAN interface
running Ubuntu LTS 12.04.
When I start horst, I get the message
Wrong monitor type! Please use radiotap or prism2 headers
Do I need to set another parameter for monitor mode?
Thanks, Jörg
Normally this is enough:
iw wlan0 interface add mon0 type monitor
or
iwconfig wlan0 mode monitor
Sorry, solved.
Monitor mode was in conflict with the Ubuntu network manager.
Untick “Enable wireless” and it left the WLAN alone :-)
Thanks, Jörg
I assume that the batman support currently on horst is for layer3 and not batman-adv (layer2). Am i correct ?
If so; are there any plans to add some batman-adv support ?
Currently no plans, but patches are welcome ;)
Hi,
I have installed horst and monitor mode works perfectly. Thanks!
Now I am trying to store the collected packets in a database. Is there a function in horst to convert packets into a database-friendly format (e.g. JSON), or a way to access the plugin from C or Python?
Thanks,
Chris
Have a look at the functions
write_to_file(struct packet_info* p)
handle_packet(struct packet_info* p)
in main.c; I think you could build that in there quite easily…
horst has no Python plugin support etc., it is just a very small, simple program.
Good luck! And please let me know if you get generally useful results, then I would like to merge them.
[...] If you wish, you can install the package from source from the official page [...]
Is it possible to run this app on Nokia N900 ?
Nope.
I am testing horst on openwrt, but it seems it is not aware of 802.11n rates, I am actually transferring packets at 4MByte/s but horst sees only 1Mbit packets and some at 11Mbit, am i doing something wrong or support for MCS rate is not implemented yet?
sorry, 802.11n is not implemented yet, but will be coming soon…
early 802.11n support is available in the git now
Many thanks! It is already available on OpenWRT ? I am impatient of testing it :)
Dear Sir/Madam,
I would like to install and use horst. But unfortunately in the make process, I face the following error. I would be pleased if you could give me a hint.
[root@ /tmp/horst-3.0]# make
“Makefile”, line 32: Missing dependency operator
“Makefile”, line 35: Need an operator
Error expanding embedded variable.
Kind regards,
[...] http://br1.einfach.org/tech/horst/ [...]
[...] sid: sudo apt install horst If you wish, you can install the package from source from the official page [...]
Lovely application, working as expected. Thank you!
Would horst work for embedded Broadcom WiFi devices, e.g. BCM4329/BCM4330, which are in many Android phones?
I guess so, if it’s a mac80211 driver for sure.
Emailed you on more details.
4329 is handled by brcmfmac, a full mac device.
[...] HomePage:http://br1.einfach.org/tech/horst/ “Horse” is a small, lightweight IEEE802.11 wireless LAN analyzer with a text interface. [...]
Hello Burno,
This tool looks very useful to me since I am working on mesh testbed, and I had a problem with the cell-ID split. Unfortunately, I am a new user of Linux and I don’t have enough experience. So when I tried to run the tool on the mesh nodes by using the parameters, I don’t get the same results that are shown in the provided screenshots. The mesh nodes are equipped with Wistron CM9 WLAN 802.11a/b/g mini‐PCI wireless cards and madwifi‐0.9.4 driver installation.
When I used the ./horst -s command for the Spectrum Analyzer, I got a segmentation fault error. I put the library in the same horst folder but I got the same error. So I would like to know if I should install a program for the drawing since I’m using the command line for executing the horst tool commands. One more thing, I noticed in the horst folder that it contains .c files with its libraries and I would like to understand if the parameters that are in the help match those c files or should I compile those .c files to get the results.
this is the output I got :
index 7
ARPTYPE 803
Channel 01: 241200000MHz
Channel 02: 241700000MHz
Channel 03: 242200000MHz
Channel 04: 242700000MHz
Channel 05: 243200000MHz
Channel 06: 243700000MHz
Channel 07: 244200000MHz
Channel 08: 244700000MHz
Channel 09: 245200000MHz
Channel 10: 245700000MHz
Channel 11: 246200000MHz
Channel 36: 518000000MHz
Channel 40: 520000000MHz
Channel 42: 521000000MHz
Channel 44: 522000000MHz
Channel 48: 524000000MHz
Channel 50: 525000000MHz
Channel 52: 526000000MHz
Channel 56: 528000000MHz
Channel 58: 529000000MHz
Channel 60: 530000000MHz
Channel 64: 532000000MHz
Channel 149: 574500000MHz
Channel 152: 576000000MHz
Channel 153: 576500000MHz
Channel 157: 578500000MHz
Channel 160: 580000000MHz
Channel 161: 580500000MHz
Channel 165: 582500000MHz
FREQ 242200000 1
***-1
RADIOTAP HEADER
len: 135
radiotap header len: 26
0000186f
1[+8]1[flags 12 shortpre]1[rate 2]1[freq 2422 chan 3G]01[sig af]1[noi
a6]00001[+1]1[snr 9]
rate: 2
signal: -81
noise: -90
snr: 9
before parse 80211 len: 109
len 109 hdrlen 24
wlan_type 850 – type 0 – stype 50
PROBRP
MGMT SEQ 2928
ESSID MAQU
CHAN 1
SA 00:0b:6b:df:f7:fb
DA 00:1b:b1:00:d3:3b
BSSID 02:1b:b1:00:d3:57
node adding
no erp
DUR mode 64, len 109, rate 10, shortpre 1 shortslot 0 type 50 UP 0
CCK
DUR DIFS
CW min 4 max 1023 ret 0 = 15
DUR 1200
SPEC node adding 0x805d008
Segmentation fault (core dumped)
Thanks for your help in advance.
hi — compile with “make DEBUG=0″
Hi:
Firstly, thank you for your great work on horst. I want to capture wifi client’s information when he scanning the network, just when he scanning, not connecting. Everything is ok, except the signal level. Signal level and the noise is always 0, and the snr is always 95. Below is the output data.
PROBRQ, ec:55:f9:1d:56:14, ff:ff:ff:ff:ff:ff, ff:ff:ff:ff:ff:ff, 22, 0, 0, 95, 119, 2, 0000000000000000, TP-LINK_442A66, 8, 0, 0, 0.0.0.0, 0.0.0.0, 0, 0, 0
PROBRQ, ec:55:f9:1d:56:14, ff:ff:ff:ff:ff:ff, ff:ff:ff:ff:ff:ff, 22, 0, 0, 95, 105, 2, 0000000000000000, , 8, 0, 0, 0.0.0.0, 0.0.0.0, 0, 0, 0
PROBRP, 00:1f:a3:9b:0f:65, ec:55:f9:1d:56:14, 00:1f:a3:9b:0f:65, 22, 0, 0, 95, 101, 2, 0000000000000000, OpenWrt, 1, 11, 1, 0.0.0.0, 0.0.0.0, 0, 0, 0
PROBRP, 00:1f:a3:9b:0f:65, ec:55:f9:1d:56:14, 00:1f:a3:9b:0f:65, 22, 0, 0, 95, 101, 2, 0000000000000000, OpenWrt, 1, 11, 1, 0.0.0.0, 0.0.0.0, 0, 0, 0
PROBRQ, 00:26:c6:46:8d:28, ff:ff:ff:ff:ff:ff, ff:ff:ff:ff:ff:ff, 22, 0, 0, 95, 70, 2, 0000000000000000, , 8, 0, 0, 0.0.0.0, 0.0.0.0, 0, 0, 0
PROBRP, 00:1f:a3:9b:0f:65, 00:26:c6:46:8d:28, 00:1f:a3:9b:0f:65, 22, 0, 0, 95, 101, 2, 0000000000000000, OpenWrt, 1, 11, 1, 0.0.0.0, 0.0.0.0, 0, 0, 0
PROBRP, 00:1f:a3:9b:0f:65, 00:26:c6:46:8d:28, 00:1f:a3:9b:0f:65, 22, 0, 0, 95, 101, 2, 0000000000000000, OpenWrt, 1, 11, 1, 0.0.0.0, 0.0.0.0, 0, 0, 0
My router is Alcatel-Sbell RG100A-A, with a BCM6358 CPU. Below is my network config:
root@OpenWrt:/etc/config# cat wireless
config 'wifi-device' 'radio0'
option 'type' 'mac80211'
option 'channel' '11'
option 'macaddr' '00:1f:a3:9b:0f:65'
option 'hwmode' '11g'
option 'txpower' '20'
option 'country' '00'
config 'wifi-iface'
option 'device' 'radio0'
option 'network' 'lan'
option 'mode' 'ap'
option 'ssid' 'OpenWrt'
option 'encryption' 'wep-open'
option 'key' '1'
option 'key1' 's:12345'
config 'wifi-iface'
option 'device' 'radio0'
option 'ssid' 'OW_MO'
option 'network' 'lan'
option 'mode' 'monitor'
root@OpenWrt:/etc/config# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
eth1 no wireless extensions.
br-lan no wireless extensions.
wlan0 IEEE 802.11bg Mode:Master Frequency:2.462 GHz Tx-Power=20 dBm
RTS thr:off Fragment thr:off
Power Management:off
wlan0-1 IEEE 802.11bg Mode:Monitor Frequency:2.462 GHz Tx-Power=20 dBm
RTS thr:off Fragment thr:off
Power Management:on
mon.wlan0 IEEE 802.11bg Mode:Monitor Frequency:2.462 GHz Tx-Power=20 dBm
RTS thr:off Fragment thr:off
Power Management:on
root@OpenWrt:/etc/config#
I use this command: root@OpenWrt:/usr/sbin# ./horst -i mon.wlan0 -o /tmp/hello
Can you give me some advice about this? Thank you for your reading
i think this is a problem with recent mac80211 drivers. i believe they have removed the signal level reporting per packet, but i have not followed mac80211/ath5k/ath9k development since one year…
i have protested against this about one year ago, as have others but the core mac80211 developers didn’t care.
Hi,
really love your program!
Was happy to get a new (ar71xx ath9k) router to test the spectrum analyzer mode.
But:
ERROR: wext set channel │
ERROR: could not set channel x (where x is i.e. 2-13 when I’m on 1)
Current openwrt trunk with mac80211.
Any ideas?
Thanks!
Hi Bruno,
I am using the Ralink 5390 card with the rt2800pci kernel module on ubuntu 11.10. I successfully created a mon0 interface, but when I run horst -s I get:
Wrong monitor type! Please use radiotap or prism2 headers
Question is, how do I create monX with radiotap or prism2 headers?
Thank you in advance.
Bill
iw wlan0 interface add mon0 type monitor
will always result in radiotap headers…
hi,
I used your code for ath9k driver on a netgear router .. ( this is for 80211 abgn).
I ran it on a thinkpad too.
The radiotap header’s length is coming to be 14,18 in the two cases !
why is it different …
your code seems fine as its just reading on a raw socket and typecasting the buffer to a radiotap header.
Also, there are no noise, signal values reported in case of running your code on ath9k driver !
Seems reasonable that you are reading the bitmap and checking the bit and then printing the value.
Can you please give any reasonable explanation …
what do you mean by saying n is not supported by your driver … I guess the code I looked into did not suggest anything like that ( at the level of just reading the radiotap headers)
> I used your code for ath9k driver on a netgear router .. ( this is for
> 80211 abgn). I ran it on a thinkpad too.
> The radiotap header’s length is coming to be 14,18 in the two cases !
> why is it different …
the reasons for this are in the ath9k driver. without looking at the driver, i
guess it could be different lengths for received and transmitted packets or
different available information for different received packets.
> your code seems fine as its just reading on a raw socket and typecasting
> the buffer to a radiotap header. Also, there are no noise, signal values
> reported in case of running your code on ath9k driver ! Seems reasonable
> that you are reading the bitmap and checking the bit and then printing the
> value. Can you please give any reasonable explanation …
again, the reason for this is in the ath9k driver and mac80211 layer of the
linux networking stack. the main developers of mac80211 have decided some time
ago that they don’t care about signal and noise values and have removed the
corresponding (and well working) code. i and some others have protested, but
there was not enough demand for reporting signal and noise on a per-packet
basis. if you care about it, please ask on the linux-wireless mailinglist,
it’s easy enough to add the code again.
> what do you mean by saying n is not supported by your driver … I guess
> the code I looked into did not suggest anything like that ( at the level
> of just reading the radiotap headers)
sure, at this level there is no problem and horst can be used on n cards – by
saying n is not supported i just mean that horst knows nothing about 802.11n
specific packet types.
Hallo Bruno,
running ‘horst’ with ‘-q’ crashed on my system.
I supply a patch against the current git version.
Thank you for this nice tools
Uwe
————————————————————
diff –git a/main.c b/main.c
index affefde..a03f1b4 100644
— a/main.c
+++ b/main.c
@@ -113,7 +113,8 @@ printlog(const char *fmt, …)
/* fix up string for display log */
buf[0] = ‘\n’;
#if DISPLAY
- display_log(buf);
+ if (!conf.quiet)
+ display_log(buf);
#endif
}
}
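Review bot: in printlog(), the new `if (!conf.quiet)` sits after the `buf[0] = '\n'` fix-up, so in quiet mode the message is prepared for the display log and then silently dropped. If log output is still wanted when running with -q, write it to stderr in an else branch; if it is not, move the guard up so the fix-up is skipped as well.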
@@ -341,7 +342,8 @@ handle_packet(struct packet_info* p)
update_essids(p, n);
#if !DO_DEBUG && DISPLAY
- update_display(p, n);
+ if (!conf.quiet)
+ update_display(p, n);
#endif
}
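Review bot: the `if (!conf.quiet)` before update_display(p, n) in handle_packet() is the same test this patch adds at two other call sites. Checking conf.quiet once at the top of update_display() and display_log() would cover every caller, including ones added later, and would keep the `#if !DO_DEBUG && DISPLAY` block to a single line.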
@@ -634,7 +636,8 @@ main(int argc, char** argv)
net_send_channel_config();
update_spectrum_durations();
#if DISPLAY
- update_display(NULL, NULL);
+ if (!conf.quiet)
+ update_display(NULL, NULL);
#endif
}
}
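Review bot: the guard around update_display(NULL, NULL) in main() has no comment saying why the display must not be touched when conf.quiet is set. A one-line comment here, or a sentence in the patch description stating what crashes with -q, would tell the next reader why the check cannot be removed.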
thanks for your patch!
HI~
It’s cool for studying wireless networks. Thank U so much.
can i ask something? on Not a horst but wireless-knowledge …
Q1. how long is the wireless session-time-out? after trying to connect Access point…
(1. JOIN ==> AUTHENTICATION ==> ASSOCIATION )
completing 3-steps, It is possible to send wireless frame to networks so called wired. when does the session be removed? after doing that…
Does it depend on the access point? I want to know it.
Hi, br1,
Can you tell me if the horst support HT capability which is 802.11n packets?
Sorry, no 802.11n support for now…
hey b :)
wanted to build latest git
make
[..]
make: *** No rule to make target `display-channel.o’, needed by `horst’. Stop.
any hints? :_)
uups, forgot to git add that file :( please try again tomorrow…
[...] pointed me at a console based Wifi analyser tool called Horst by Bruno Randolf. Horst captures any and all Wifi packets on the current channel then presents them [...]
Thanks David!
You need this patch to make IP, UDP, and Batman parsing work:
— horst-git-orig/ieee80211.h 2010-11-08 18:17:45.000000000 +1030
+++ horst-git/ieee80211.h 2010-11-29 15:48:08.791051846 +1030
@@ -422,10 +422,10 @@
((_fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
#define IEEE80211_IS_CTRL(_fc) \
- ((_fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
+ ((_fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL)
#define IEEE80211_IS_DATA(_fc) \
- ((_fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
+ ((_fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
#define IEEE80211_IS_MGMT_STYPE(_fc, _x) \
(((_fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) && \
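Review bot: in IEEE80211_IS_CTRL and IEEE80211_IS_DATA the macro argument is still used unparenthesised, `(_fc & IEEE80211_FCTL_FTYPE)`, so an argument that is itself an expression with a lower-precedence operator would be masked incorrectly. While these lines are being touched, write `((_fc) & IEEE80211_FCTL_FTYPE)`; the same applies to the IEEE80211_IS_MGMT_STYPE context lines at the end of the hunk.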
Cheers,
David
Hi,
I’ve spent the last day working on a spectrum analyser page for Horst. Some info on this thread:
http://groups.google.com/group/village-telco-dev/t/6ef86e02bfe401a5?hl=en
Cheers,
David
good evening.
thanks for the quick help. i will get to it tomorrow and compile horst.
i have the backfire 10.03.1-rc3 buildroot, and it does produce working firmware images. i will probably be able to report back in the course of tomorrow.
p.s.: shouldn’t we switch to english after all for international readers? it seems to be growing here ^^
hey, yes, comments in english would be appreciated! or you can also send email to me, for questions and support… btw: i think it’s getting time to release 2.0 soon…
hey,
like the other comments, i’ll stick with german.
could it be that horst cannot change channels? of course i could either create several monitor devices or switch the channel. but i actually expect horst to scan other channels.
i use horst with openwrt, and need it to get a bit of an overview of the networks near me. kismet is far too big and has an unimportant hacking part. iwlist ath0 scanning is not very clear, tcpdump is even worse for wifi scanning. horst looks ideal to me, but i only ever see the networks on my channel.
the new (git) version of horst can change channels (the -s option), but the list of channels is currently hardcoded. please let me know whether that works for you or not…
Hello Bruno
The horst tool is acting up under Kamikaze/Atheros. With radiotap headers it shows nothing at all, with prism2 headers only garbage (data packets appear as probe requests).
Since it works wonderfully on other platforms, I suspect a little/big-endian problem. Could you take another look?
Regards, rolf
yep. have you tried the current version from git? the endian problems should be fixed there. i use horst on ar71xx. please let me know if not.
bruno