Deauther V3 Tutorial: Scan Command

Deauther V3 Tutorial: Scan Command

ยท

4 min read

Monitor and log networks and devices in your area and gather information about them, like their MAC address and signal strength.

๐Ÿ‘‰ For this tutorial, you'll need to start Huhnitor and connect to your Deauther V3. Haven't installed Huhnitor yet? Follow this tutorial to find out how.

How to use the command

Get an overview of the command structure and available arguments by typing:

help scan

help scan output

You can see that all arguments besides the first are in square brackets, meaning they are optional. Below the command structure, you'll find a list of all the available arguments, a short explanation, and their default value (if they're optional).

ArgumentExplanation
-m -modeWhat you want to scan for. Pick ap for networks, st for clients, or ap+st for both.
-t -timeThe time you spend scanning for stations (client devices).
-ch -channelSpecify the channel(s) you scan to find stations.
-ct -ctimeThe time you spend on each channel before hopping to the next.
-r -retainAdd this argument to keep the previous scan results instead of overriding them.

AP Scan vs. Station Scan

Scanning for access points (APs) only takes a few seconds. Networks are easy to detect because they constantly advertise themselves by sending beacon frames.

But a station scan can be configured to run as long as you want. This is because we can't know when we've detected all the stations in our area. We can only detect stations when they are actively sending packets. So if a station hasn't jet sent any packet, we won't yet know about its existence.

Running the command

scan

Scan command output

AP Scan Table:

ColumnInformation
IDEach access point is given a number to make referencing easier.
SSIDThe name of the network.
RSSIThis is the received signal strength of the packet. The bigger the number, the stronger the signal. A good signal could mean you're close to the device, although many factors play into the signal strength, like the medium the signal needs to pass through.
ModeType of encryption the network uses.
ChThe channel the network is operating on.
BSSIDThe MAC address of the access point.
VendorHere, you can find the device manufacturer (provided it's in the database programmed into the Deauther V3).

ST Scan Table

ColumnInformation
IDEach station is given a number to make referencing easier.
PktsThe number of packets captured from the device.
RSSIThis is the received signal strength of the packet. The bigger the number, the stronger the signal. A good signal could mean you're close to the device, although many factors play into the signal strength, like the medium the signal needs to pass through.
VendorHere, you can find the device manufacturer (provided it's in the database programmed into the Deauther V3).
MAC-AddressThe MAC address of the station.
AccessPoint-SSIDName of the network the device is connected to.
AccessPoint-BSSIDMAC-Address of the network the device is connected to.
Probe-RequestsNames of networks this device is asking for. Learn more about Probe Requests here.

You can stop a station scan by typing

stop scan

Or if you're using huhnitor by hitting Ctrl + C.

Results

When the scan has finished, you'll get a list of the scan results divided into access points and stations. If you want to recheck these results later, you can use the Results Command.

results

Missing Devices

If you know the scan isn't picking up all devices in your area, it could be because of one of the following reasons:

  • The scan is missing packets because it's channel hopping. Try scanning on one channel exclusively.

  • Only active client devices can be seen. Make sure the device you're looking for is actually generating traffic.

  • The WiFi device/network is running on 5 GHz. However, the ESP8266 can only see 2.4 GHz traffic.

  • The device(s) are not close enough. If the signal strength of a connection is too low, it might not be recognized.

ย