I used tshark (Wireshark) to detect any unknown wifi devices which are around. It worked basically fine. However, there are some problems: I have to start/stop tshark in order to process the data. I am looking for a better way to improve it so I do not have to stop tshark to process the data, keeping it running in the background all the time.
My current implementation:
while true
do
    # Only interested in probe request frames.
    # The real pattern is a long list of known wifi devices.
    tshark -nn -i wlan0 -I -l subtype probereq | grep -E --line-buffered -v "32:8a:ae:bd:5a:8c|60:a4:4c:d1:f4:f8" > dat.txt &
    sleep 30
    killall tshark
    # Get MAC address only
    DEVICES=$(awk '{print $3}' dat.txt)
    # Clear the data for the next run
    echo 0 > dat.txt
    if [[ $DEVICES = *:* ]]
    then
        curl --max-time 2 --connect-timeout 2 --header "Content-Type: text/plain" --request PUT --data "ON" http://127.0.0.1:8080/rest/items/mobile_mac_unknown/state
        echo "FOUND UNKNOWN DEVICES"
    else
        curl --max-time 2 --connect-timeout 2 --header "Content-Type: text/plain" --request PUT --data "OFF" http://127.0.0.1:8080/rest/items/mobile_mac_unknown/state
        echo "NOT FOUND UNKNOWN DEVICES"
    fi
done
If I do not kill tshark, the dat.txt will be accessed by two processes. It seems not to work reliably.
Any thoughts on how to work around this?
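One way to keep a single tshark running and process its output as a stream instead of through dat.txt, as an added example that is not part of the original post. The names track_state, publish, is_known and ITEM_URL and the TICK heartbeat line are assumptions made here; taking field 3 as the source MAC follows the post's awk command.

```sh
#!/bin/sh
# Added example (not the poster's code): one long-running tshark, no dat.txt.
# Assumptions: the source MAC is field 3 of each line (as in the post's awk),
# tshark prints MACs in lowercase, and ITEM_URL is a hypothetical variable.
KNOWN_MACS="32:8a:ae:bd:5a:8c 60:a4:4c:d1:f4:f8"  # the two from the post; add the rest

is_known() {
  case " $KNOWN_MACS " in *" $1 "*) return 0 ;; esac
  return 1
}

# Print the new state; also PUT it to the item when ITEM_URL is set, e.g.
# ITEM_URL=http://127.0.0.1:8080/rest/items/mobile_mac_unknown/state
publish() {
  echo "$1"
  [ -z "${ITEM_URL:-}" ] || curl --max-time 2 --connect-timeout 2 \
    --header "Content-Type: text/plain" --request PUT --data "$1" \
    "$ITEM_URL" >/dev/null 2>&1 || true
}

# Reads tshark lines mixed with one "TICK" line per second on stdin and
# publishes only state changes. $1 is the number of ticks without an unknown
# MAC before OFF (default 30). Time is counted in ticks, so no clock is needed.
track_state() (
  window=${1:-30} state=OFF tick=0 last_seen=0
  while read -r f1 f2 mac rest; do
    if [ "$f1" = TICK ]; then
      tick=$((tick + 1))
      if [ "$state" = ON ] && [ $((tick - last_seen)) -ge "$window" ]; then
        state=OFF; publish OFF
      fi
      continue
    fi
    case "$mac" in ??:??:??:??:??:??) ;; *) continue ;; esac  # not a MAC
    is_known "$mac" && continue
    last_seen=$tick
    [ "$state" = ON ] || { state=ON; publish ON; }
  done
)

# Live use: the ticker and tshark share one pipe into track_state:
#   { while sleep 1; do echo TICK; done & \
#     tshark -nn -i wlan0 -I -l subtype probereq; } | track_state 30

# Constructed sample: a known device, an unknown one, then two quiet seconds.
printf '%s\n' '1 0.0 32:8a:ae:bd:5a:8c -> Broadcast 802.11 Probe Request' \
  '2 0.4 de:ad:be:ef:00:01 -> Broadcast 802.11 Probe Request' TICK TICK |
  track_state 2
```

Many phones send probe requests from randomized MAC addresses, so a comparison against a list of known MACs will report those as unknown.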