# Wireless Scanning & Antenna Lab The goals of this exercise are: - Learn to perform a site survey using the Unifi controller. - Learn to perform a site survey at the command line. - See how antenna polarisation can affect signal strength. ## Unifi Site Scan The easiest way to perform a site scan is through the Unifi controller. When you scan with an access point, all traffic is interrupted - so don't perform a scan on an access point carrying live traffic, or the access point you're connected to at the time! Highlight a wireless access point in the devices section of the controller. In the right-hand panel, under "Tools", you will see a blue button labelled "Scan". Click this and be prepared to wait several minutes for the scan to finish.  When you're done you'll find you can hover your mouse over various channels and see their mean power levels and channel occupancy. Don't forget to look at both the 2G and 5G wireless environments! What's the busiest channel you see? Why do you think it's so busy? ## Command Line Access Scanning from the command line can be more useful and flexible than using the controller. It can also help you create and export lists of local access points, or monitor signal strength from an access point over time. On Unifi devies, the command to perform a wireless scan is: **iwlist (devicename) scan**. The devices available on an AC-Mesh access point are vwire0 (for the 2.4 GHz band) and vwire1 (for the 5 GHz band). Scanning the 2.4 GHz band, starting from the command line of your network monitoring server, can be as easy as: ``` ssh admin@192.168.?.? iwlist vwire0 scan ``` Results of this scan should look have an entry for each SSID that looks like this: ``` Cell 02 - Address: F0:9F:C2:DE:E9:99 ESSID:"nsrc_wifi" Mode:Master Frequency:5.22 GHz (Channel 44) Quality=67/94 Signal level=-29 dBm Noise level=-102 dBm Encryption key:on Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s Extra:bcn_int=100 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK Extra:wme_ie=dd180050f2020101000003a4000027a4000042435e0062322f00 Extra:phy_mode=IEEE80211_MODE_11AC_VHT40PLUS Extra:ath_ie=dd0900037f01010000ff7f Extra:ubnt_ie=dd1300156d00010100010257e58106f09fc2dce999 ``` With this information you can find out the frequency, channel size, signal, and noise levels of every Wi-Fi access point in an area. ### Processing Scan Output at the Command Line Perhaps more useful is performing this command from your server, and processing the output using common Linux tools like the shell, grep, and cut. ``` ssh admin@192.168.?.? 'iwlist vwire0 scan' |grep Address ``` Scanning Exercises: - Find the all the MAC addresses that are acting as wireless access points right now. - Find how many SSIDs appear at more than one MAC address. - What percent of SSIDs have no encryption? - What is the MAC address of the transmitter with the strongest signal? - What is the polarisation of the access point with SSID "nsrc_wifi" Add your results to the Google Doc here: https://docs.google.com/document/d/1y87Qq-FXF-3BWWnDGkgZGH3kAwGObLy-2XaLSwG-XkI/edit?usp=sharing #### Next Steps After using your access point as a wireless scanner, it's a good idea to reboot it to ensure any changes you might have made are rolled back. Do this at the command line with ``` reboot && exit ```