7

I'm looking to find a specific wireless user around me, I have his MAC address, I even have the channel he is on.

I've tried iwlist peers, to no avail, as well as airodump. I have seen his mac pop up under airodump, but it is quickly buried under all the noise...

A little info on the environment: it is a heavily,heavily saturated WiFi area, upon opening airodump-ng the list becomes full of APs too quickly to see any clients. What I need is either a way to grep airodump for clients only / or another utility to view only clients (stations) around me, and their power output (so I can tell when I am close to the person).

Any suggestions?

unknown6708
  • 111
  • 1
  • 5
  • Power output is probably a bad measure, different hardware provide different power. This is a guess, but I'd try to do it by measuring the roundtrip of ARP packets (several of them, since interference exists). – grochmal Sep 08 '16 at 01:20
  • What's the problem with grepping? – KOLANICH Sep 08 '16 at 12:13
  • @KOLANICH grepping does not produce any results due to airodump refreshing output continuously (i think)...regardless, when I pipe airodump-ng into grep, it does not filter out anything.. – unknown6708 Sep 08 '16 at 14:57
  • I'm close to figuring this out. I'm pretty sure at this point that I'm going to have to dump output to a file, and loop an awk/sed to filter out stations only – unknown6708 Sep 08 '16 at 15:14
  • Try to redirect stderr to stdout. The UI is usually shown through stderr but the pipes usually work with stdout. – KOLANICH Sep 08 '16 at 19:54
  • I'd also like to point out that I did not use ARP because the subnet contains 2048 IPs, and an ARP would effect others... Also the client may not be on the same AP as I am which would effect return time, I was looking for strictly layer 1/2 solution – unknown6708 Sep 08 '16 at 20:21

1 Answers1

4

The solution for grepping airodump for specific mac:

airodump-ng mon0 2>&1 | grep "de:ad:be:ef:de:ad"

Thanks Kolanich. airodump prints to stderr, which had to be redirected to stdout to be greppable.

unknown6708
  • 111
  • 1
  • 5