{"id":535,"date":"2017-05-31T23:37:46","date_gmt":"2017-06-01T06:37:46","guid":{"rendered":"http:\/\/konukoii.com\/blog\/?p=535"},"modified":"2018-02-25T00:21:27","modified_gmt":"2018-02-25T08:21:27","slug":"eagle-eye","status":"publish","type":"post","link":"https:\/\/konukoii.com\/blog\/2017\/05\/31\/eagle-eye\/","title":{"rendered":"Eagle Eye: Wi-Fi Monitoring"},"content":{"rendered":"<p>When I was a teenager I spent a lot of time setting networks up with my Dad, fixing routers and switches, building antennas out of cardboard, and playing with Wi-Fi. I remember playing with <a href=\"https:\/\/www.wireshark.org\/\">Wireshark<\/a>, <a href=\"https:\/\/www.dd-wrt.com\/site\/\">DD-WRT<\/a>, and <a href=\"http:\/\/www.polarcloud.com\/tomato\">Tomato Firmware<\/a>, which I thought were really cool, but really hard for any average user to understand how to set up and use.<\/p>\n<p>While taking CS284: Mobile Networking, all of these experiences along with my passion for networking, and the burning curiosity to learn Scapy finally converged on <a href=\"https:\/\/github.com\/pmsosa\/EagleEye\">EagleEye: The Network Monitoring Tool for Everyone<\/a>.<\/p>\n<h4><strong><span style=\"text-decoration: underline;\">Motivation<\/span><\/strong><\/h4>\n<p>EagleEye is a wireless network monitoring tool aimed at empowering non-technical users, allowing them to troubleshoot, understand, and
fix their wireless networks.<\/p>\n<p>Wi-Fi has become widespread in households, businesses, public places, and even airplanes. Everyone has Wi-Fi nowadays and no one wants to use cable anymore! In fact, in the U.S. alone, <a href=\"http:\/\/www.bizjournals.com\/prnewswire\/press_releases\/2017\/05\/18\/PH94118\">75% of households have Wi-Fi networks<\/a>!<\/p>\n<p>The problem is that while most people are setting up their Wi-Fi networks, very few of them really understand all the intricacies of Wi-Fi. Now of course, I'm not saying you should need a Computer Science degree to set one up, but not having a general understanding of a network beyond \"I plug it in and I'm done\" makes it really hard for users to troubleshoot their networks.<\/p>\n<p>So the idea for this project is twofold. First, I aim to give users monitoring software that keeps it simple and gives you what you need to know without too much nonsense. Second, I seek to teach basic networking knowledge to the user, enabling them to troubleshoot their networks.<\/p>\n<h4><strong><span style=\"text-decoration: underline;\">Survey: Do people need it?<\/span><\/strong><\/h4>\n<p>Before I embark on different projects, I always like to quickly answer an important question: \"Why?\". For some projects the answer might simply be \"Because it will help me learn a new technology\".
However, for this project I wanted to go a bit deeper and really understand if there is a need for such a tool.<\/p>\n<p>I surveyed 815 users (mostly from UCs and the Reddit community) and found some interesting data, which I'll provide in quick bullet points:<\/p>\n<ul>\n<li>79.4% of users have set up a Wi-Fi network (either at home, work, etc.)<\/li>\n<li>Of those users that set up wireless networks, 41.1% were unaware that one could change the channel a Wi-Fi router broadcasts on.<\/li>\n<li>Of all the users, 69.3% resolved issues by \"turning the router On and Off again\"<\/li>\n<li>Of all the users, 18.0% resolved issues by \"Accessing the router's internal website and figuring out what the issue seemed to be\".<\/li>\n<li>Of all the users, 76.4% stated that they would find it useful to have a program that provided \"simple graphs and information [...] to troubleshoot their network\".<\/li>\n<\/ul>\n<p>Through these numbers, it was easier to see that people do want (or need) the ability to troubleshoot their networks. Also, it showed me that even simple concepts such as \"broadcasting channels\" are not quite commonly known by users. (Which is why sometimes you see a ton of people broadcasting on the same channel in small housing complexes.)<\/p>\n<h4><strong><span style=\"text-decoration: underline;\">Development<\/span><\/strong><\/h4>\n<p>While the paper I wrote goes into a lot more detail on how EagleEye works, I wanted to give a very quick overview.<\/p>\n<p>From a user's perspective, I wanted them to be able to run the program from any Linux computer. Essentially all they need to do is run the program and a browser window will open where they are prompted to select their network and input their network's password, and then the browser will start reflecting the data gathered from the active monitoring.<\/p>\n<p>The first challenge was to decrypt the packets that we received through the wireless adapter that was set in \"Monitor\" mode.
Thankfully, I found the C++ library <a href=\"https:\/\/libtins.github.io\/\">libtins<\/a> and <a href=\"https:\/\/github.com\/mfontanini\/dot11decrypt\">dot11decrypt<\/a>, which allowed us to decrypt the live packets we were reading and dump them into a new virtual network adapter. These packets are then filtered and analyzed using Python's networking library <a href=\"http:\/\/secdev.org\/projects\/scapy\/\">Scapy<\/a>. Finally, all of this information is stored on a <a href=\"http:\/\/flask.pocoo.org\/\">Flask<\/a> server, from which the client browser pulls it through JavaScript AJAX calls. Take a look at the figure below, which shows all of this more clearly.<\/p>\n<figure id=\"attachment_537\" aria-describedby=\"caption-attachment-537\" style=\"width: 417px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-537 \" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/combo.png\" alt=\"EagleEye: Architecture\" width=\"417\" height=\"595\" \/><figcaption id=\"caption-attachment-537\" class=\"wp-caption-text\">EagleEye: Architecture<\/figcaption><\/figure>\n<p>Figuring out how to store the measurements and other data needed to display the graphs and charts was also a fun challenge. Ultimately, we decided to split the monitoring into time-slots (or windows) of 5 seconds. However, instead of choosing to keep a list of time-slots containing the network information of each client\u2019s activity, we chose a list of \u2018Client\u2019 structures. Each client structure contains the basic client information (IP Address, MAC address, OS, etc.) and also a \u2018report\u2019 structure. Inside the \u2018report\u2019 structure we keep the client\u2019s activity that happened inside a given 5 second time-slot.
If a client is not active during a given 5 second time-slot, the information is not saved, thus saving us space.<\/p>\n<p>This structure was specifically chosen because it decreases the amount of redundant or unnecessary information, so the overall structure is always quite small (i.e. we are only logging information whenever the client is active). However, the trade-off is that the front-end will need to spend more time arranging the data to properly build charts and calculate basic usage information. Nonetheless, the time needed for our front-end to run the necessary calculations is substantially smaller than the time needed for our front-end to retrieve a substantially bigger, yet organized, data-structure. Furthermore, we were interested in taking away as much complexity from the back-end as possible, as we did not want to risk losing packets or introducing other irregularities in the packet capture.<\/p>\n<figure id=\"attachment_538\" aria-describedby=\"caption-attachment-538\" style=\"width: 247px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-538\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/client_struct.png\" alt=\"EagleEye: Storing Information\" width=\"247\" height=\"400\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/client_struct.png 351w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/client_struct-185x300.png 185w\" sizes=\"auto, (max-width: 247px) 100vw, 247px\" \/><figcaption id=\"caption-attachment-538\" class=\"wp-caption-text\">EagleEye: Storing Information<\/figcaption><\/figure>\n<p>Ultimately, the project ended up being really fun to build. We added all sorts of nifty features and graphs that could help users. We also added <em>http leak<\/em> protection that would catch and alert you when passwords and usernames are being sent in clear-text.
Accompanying all this work is a comprehensive help section that tries to guide users so they understand the terminology and charts.<\/p>\n<figure id=\"attachment_536\" aria-describedby=\"caption-attachment-536\" style=\"width: 1024px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-536\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/eagleeye-1024x626.png\" alt=\"EagleEye: User Interface\" width=\"1024\" height=\"626\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/eagleeye-1024x626.png 1024w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/eagleeye-300x183.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/eagleeye-768x469.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption id=\"caption-attachment-536\" class=\"wp-caption-text\">EagleEye: User Interface<\/figcaption><\/figure>\n<p>This project is still in the rather early stages of development as I only had a few weeks to program it. However, I built this basic prototype thinking that I was going to expand on it later. I tried to take few shortcuts and allow for a modular architecture that would let me continue coding without accruing too much technical debt. Anybody else that is interested is completely welcome to contribute to the project.<\/p>\n<h4><strong><span style=\"text-decoration: underline;\">Paper &amp; Git Repo<\/span><\/strong><\/h4>\n<p>As always feel free to contact me with any questions, suggestions, or further ideas. I also wanted to do a quick shout-out to Prof.
Belding for such an entertaining class.<\/p>\n<p>Git Repo: <a href=\"https:\/\/github.com\/pmsosa\/EagleEye\">github.com\/pmsosa\/EagleEye<\/a><\/p>\n<p>Paper can also be found at <a href=\"https:\/\/www.academia.edu\/33341620\/EagleEye_Wi-Fi_Monitoring_for_Non-Technical_Users\">Academia.edu<\/a>.<\/p>\n<p><a href=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/05\/eagle_eye_sosa.pdf\" target=\"_blank\">eagle_eye_sosa.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When I was a teenager I spent a lot of time setting networks up with&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/konukoii.com\/blog\/2017\/05\/31\/eagle-eye\/\">Read the post<span class=\"screen-reader-text\">Eagle Eye: Wi-Fi Monitoring<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":543,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[98,100,101,99,56],"class_list":["post-535","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-netsec","tag-eagleeye","tag-monitor","tag-network-monitor","tag-networking","tag-software","excerpt","zoom","full-without-featured","even","excerpt-0"],"_links":{"self":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/comments?post=535"}],"version-history":[{"count":11,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/535\/revisions"}],"predecessor-version":[{"id":735,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/535\/revisions\/735"}],"wp:featuredmedia":[
{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/media\/543"}],"wp:attachment":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/media?parent=535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/categories?post=535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/tags?post=535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}