Discussion started by bigdog, Jul 18, 2005.

    bigdog Network Guru Member

    I just got a laptop and tried the Site Survey button in Alchemy on my WRT54GS v2 and noticed 2 odd things.

    1) It does not show my laptop or anything in the Site Survey window that comes up.

    2) If I tell it to ReScan it (hoping something will show up) it will actually disconnect the laptop and then it reconnects moments later, still not showing anything in the site survey tho.

    Is there a bug in it? Am I doing something wrong?

    bluedog Network Guru Member

    Unless your laptop is broadcasting a signal the router won't pick it up. Sitesurvey AFAIK only picks up devices that broadcast signals. If you don't see anyone, then that should mean your neighbors, if they have wireless, aren't close enough for you to see them.

    davidsonf Network Guru Member

    Only Access Points (i.e., not Clients) are listed. As the other response noted, that is because an AP can (and should be configured to) broadcast its SSID at regular intervals. Some people falsely assume that security is better if they disable SSID broadcasts, and if they do they won't show up in the survey list either. Of course, they get no real additional security, and instead you can't tell which channel to avoid, and rather than security what they get is interference!

    The scan is done in Client mode, which can detect AP broadcasts of the SSID; hence it has to disconnect because it is switched to Client mode.

    No bugs, though I personally thought the code to generate that screen was nothing short of ridiculous! The data collection is done with an overly large and complex C program, and the same thing can be accomplished with only a few lines of shell programming. (If anyone asks, I'll post it, because it provides more information than the Site Survey. But what I have is a command line interface, not a GUI interface.)

    Anyway, if you are interested in raw data... enable telnetd, log into the WRT54G, and run these commands:
      wl ap 0
      wl promisc 1
      wl scan
      sleep 2
      wl scanresults
      wl ap 1
    The "wl" program controls the wireless radio. What that does, in order, is switch to Client Mode, turn on Promiscuous Mode (otherwise it will list only APs that have the same SSID that it does), and then do a scan. The sleep command gives it time to run the scan and buffer the results, which are then printed out with the "wl scanresults" command. It is then switched back to AP mode, and will reconnect with clients.
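
Added example (not from the thread, and not davidsonf's own script): a shell/awk pass over saved `wl scanresults` text that summarises each occupied channel and picks the least crowded of channels 1, 6 and 11, which is the channel-avoidance use of the survey described above. The record layout, the sample networks and the function names are assumptions, and the sample output is constructed.

```shell
# ASSUMPTION (added example): each AP record has an `SSID: "name"` line and a
# line carrying `RSSI: <n> dBm` and `Channel: <n>`.

# Constructed sample output; MACs are from the documentation range.
sample_scan() {
cat <<'EOF'
SSID: "linksys"
Mode: Managed  RSSI: -71 dBm  noise: -92 dBm  Channel: 6
BSSID: 00:00:5E:00:53:01  Capability: ESS
SSID: "homenet"
Mode: Managed  RSSI: -55 dBm  noise: -92 dBm  Channel: 6
BSSID: 00:00:5E:00:53:02  Capability: ESS WEP
SSID: "default"
Mode: Managed  RSSI: -80 dBm  noise: -92 dBm  Channel: 3
BSSID: 00:00:5E:00:53:03  Capability: ESS
EOF
}

# Print "channel ap_count strongest_rssi ssids" for each occupied channel.
channel_summary() {
  awk '
    /^SSID:/ { ssid = $0; sub(/^SSID: "/, "", ssid); sub(/"$/, "", ssid) }
    /Channel:/ {
      ch = ""; rssi = ""
      for (i = 1; i < NF; i++) {
        if ($i == "Channel:") ch = $(i + 1)
        if ($i == "RSSI:") rssi = $(i + 1)
      }
      if (ch == "") next
      count[ch]++
      if (!(ch in best) || rssi + 0 > best[ch] + 0) best[ch] = rssi
      names[ch] = names[ch] (names[ch] == "" ? "" : ",") ssid
    }
    END { for (ch in count) printf "%d %d %d %s\n", ch, count[ch], best[ch], names[ch] }
  ' | sort -n
}

# Of channels 1, 6 and 11, print the one with the fewest APs on overlapping
# channels (fewer than 5 channel numbers away). Ties go to the lower channel.
quietest_channel() {
  awk '{ n[$1] = $2 }
    END { split("1 6 11", cand, " ")
      for (k = 1; k <= 3; k++) { c = cand[k]; load = 0
        for (ch in n) { d = ch - c; if (d < 0) d = -d; if (d < 5) load += n[ch] }
        if (k == 1 || load < bestload) { bestc = c; bestload = load } }
      print bestc }'
}

sample_scan | channel_summary | quietest_channel
```

To use it on real data, save the output of `wl scanresults` to a file and pipe that file into `channel_summary` on any machine with awk.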

    bigdog Network Guru Member

    Thanks for all the replies that helped explain why it didn't work as I expected. Altho I still do wish that it would show all the wireless connections it detects. Is there a way to do this? I still think there may be a bug, as my laptop detects another network in the area (weaker signal), so not sure why the site survey didn't pick up on that.

    As for disabling SSID broadcast, why is that not really a good security measure? I was under the impression that if you can't be seen that is a major plus in securing the system, similar to stealthing with a firewall. Right now mine does have the SSID broadcast disabled but would like to understand why that may not be the best idea. I do see that quite often the speed downshifts to like 48M or 36M and wondering if that has anything to do with it...

    Thanks Again

    davidsonf Network Guru Member

    For someone who wants to attack you (for example, anyone with enough savvy to break even WEP encryption), the SSID broadcasts mean absolutely nothing. Your SSID is unencrypted in every packet you send, and it is encrypted packets, not the SSID broadcast, they want to see.

    The broadcast merely makes sure a packet is sent at very short regular intervals, which allows the Site Survey scan to work. Because the broadcast is repeated at very short intervals the actual time needed for the scan to monitor each channel is relatively small. (Remember that short period where your AP disconnected from your Client, did the scan, and then reconnected!) That of course allows a quick determination of whether any given channel is occupied, and allows people to avoid undue interference.

    But a cracker has already decided to go to more effort, and necessarily must scan for hours or even days rather than seconds. And not for the broadcasts, but for encrypted packets. (That is necessary, because they have to collect a few thousand encrypted packets to break WEP.)

    Hence hiding the SSID broadcast does nothing to hinder a cracker and much to allow interference.

    HateEarthlink Network Guru Member

    It doesn't take as much savvy as you imply.

    guess again...

    davidsonf Network Guru Member

    The savvy can be built into a program; but it does have to be there.

    The time spent scanning of course depends on how much traffic there is, and on how intent the person is on finding out what is available. Scanning for minutes might find something; but it takes scanning for hours or days to learn everything that is available.

    The point is still the same, disabling SSID broadcasts is a mistake.
