From charlesreid1

Experiment 2 Overview

Experiment 2 focuses on constructing a single step in the data pipeline: automating data acquisition from a sensor to run an experiment.

Experiment Summary:

  • The Raspberry Pi runs a boot script that starts a Python script that puts the wireless card in monitor mode and uses airodump-ng to collect wireless network data.


  • Sensor hardware - in this case, a single Raspberry Pi with a wireless card
  • Python script that controls wireless card, airodump-ng processes
  • Boot script that calls Python script on boot


  • Remotely connect to Raspberry Pi via SSH
  • Create Python script that controls wireless card and starts airodump-ng process for specified amount of time
  • Start/stop airodump processes so CSV files are created at N-minute or N-second intervals
  • Create boot script that runs Python script



We'll assume you can connect to the Pi via SSH.

(Extraneous) Passwordless Login Raspberry Pi

Set up passwordless login following

Then define the following alias in your .bashrc or wherever:

alias pi="pi"
function pi() {
  # start an agent and load its env vars into the current shell
  eval "$(ssh-agent -s)" > /dev/null
  export IP=""
  ssh -Y root@${IP} # the actual ssh call
}

Now you can connect to the pi by typing:

$ pi

Create a Test Startup Service

Create a test startup service by doing the following.

Create a custom startup script in /etc/init.d/custom-script with the following contents:

root@kali:/etc/init.d# cat custom-script 
#! /bin/sh
### BEGIN INIT INFO
# Provides:		custom-script
# Required-Start:	$local_fs $remote_fs
# Required-Stop:	$local_fs $remote_fs
# Default-Start:	2 3 4 5
# Default-Stop:		0 1 6
# Short-Description:	Here ya go buddy, custom script
### END INIT INFO

set -e

touch /root/ohai

exit 0

Make the script executable with chmod +x custom-script

Make sure this is linked in the proper rcN.d/ folders by running update-rc.d custom-script defaults.

Now make sure the test file does not already exist (rm /root/ohai) and then run reboot. Once the Pi has rebooted, you should see a file named ohai in /root.

Create Wifi Data Capture Startup Service

Create a real startup service that will start capturing wifi data on boot. Assume wifi card is wlan0. More info on Raspberry Pi startup service here:

Starting with the Python script that will run airodump-ng and capture wifi data into CSV files:

import subprocess
import os
import time
from datetime import datetime

script_name = ""

# each experiment will be Nhours in duration
Nhours = 2

# each CSV file will be Nseconds in duration
Nseconds = 15
# figure out how many files there will be (integer division, so range() accepts it)
Nfiles = (Nhours*3600)//Nseconds

# create a unique file prefix for this experiment (year-month-day_hour-minute)
prefix = datetime.now().strftime('%Y-%m-%d_%H-%M')

print("[%s] About to put card in monitor mode."%(script_name) )
subprocess.call(['ifconfig','wlan0','down'])
subprocess.call(['iwconfig','wlan0','mode','monitor'])
subprocess.call(['ifconfig','wlan0','up'])
print("Done.")

for i in range(Nfiles):

    # construct the airodump command and pipe all its output to /dev/null so it doesn't blow up the syslog
    FNULL = open(os.devnull,'w')
    the_cmd = ['airodump-ng','wlan0','-w',prefix,'--output-format','csv']
    # call it
    p = subprocess.Popen(the_cmd,stdout=FNULL, stderr=subprocess.STDOUT)
    # wait for it: let airodump-ng run for one interval
    time.sleep(Nseconds)

    # aaaaand bail: stop this airodump-ng process and reap it
    p.terminate()
    p.wait()
    FNULL.close()

print("[%s] Success!"%(script_name) )

This python script will run airodump in a way that redirects all of its output to /dev/null. THIS IS EXTREMELY IMPORTANT. If you don't redirect stdout, it will go into your syslog, and you will have 500 MB of airodump-ng output (refreshed/printed every second, unless you turn it off) in /var/log/syslog. Whoops.

That's the reason for the stdout/stderr redirects.
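The following is an added example, not code from the original page: a Python 3 helper that runs one capture interval with output discarded, checks through /proc that the child's stdout really points at /dev/null, and notices when the process dies early (for instance because the card never entered monitor mode). The names run_for and capture are hypothetical, and `sleep` and `sh` stand in for airodump-ng.

```python
import os
import subprocess
import time

def run_for(cmd, seconds, grace=2.0):
    """Run cmd for `seconds` with all output discarded, then stop it.

    Returns early_exit (child died before the interval ended), its
    returncode, and stdout_target (where the child's fd 1 points).
    """
    p = subprocess.Popen(cmd, stdin=subprocess.DEVNULL,
                         stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT)
    try:
        # Linux only: verify the redirect instead of assuming it.
        stdout_target = os.readlink("/proc/%d/fd/1" % p.pid)
    except OSError:
        stdout_target = None  # no /proc, or the child is already gone
    try:
        p.wait(timeout=seconds)  # returns only if the child exits early
        early = True
    except subprocess.TimeoutExpired:
        early = False
        p.terminate()  # SIGTERM first
        try:
            p.wait(timeout=grace)
        except subprocess.TimeoutExpired:
            p.kill()  # child ignored SIGTERM
            p.wait()  # reap it so no zombie accumulates over hours
    return {"early_exit": early, "returncode": p.returncode,
            "stdout_target": stdout_target}

def capture(cmd, nfiles, seconds, max_failures=3, backoff=1.0):
    """Run nfiles intervals; stop after max_failures early exits in a row."""
    done = failures = 0
    while done < nfiles and failures < max_failures:
        if run_for(cmd, seconds)["early_exit"]:
            failures += 1
            time.sleep(backoff)  # don't respawn in a tight loop
        else:
            failures = 0
            done += 1
    return done

if __name__ == "__main__":
    # Constructed demo: `sleep` stands in for airodump-ng.
    print(run_for(["sleep", "30"], 1))
    print(capture(["sh", "-c", "exit 1"], nfiles=3, seconds=1, backoff=0.1))
```

With the script above, cmd would be the_cmd and seconds would be Nseconds; a stdout_target other than /dev/null means the output is still going somewhere that can fill a log.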

Now you can create a startup service to launch this Python script in the background:


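#! /bin/sh
### BEGIN INIT INFO
# Provides:             capture-wifi-data
# Required-Start:       $local_fs $remote_fs
# Required-Stop:        $local_fs $remote_fs
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Capture wifi data.
### END INIT INFO

set -e

case "$1" in
    start)
        cd /root/wifi_data
        # launch the Python capture script in the background; its file name is
        # not given on this page, so CAPTURE_SCRIPT.py is a placeholder
        python /root/CAPTURE_SCRIPT.py &
        ;;
    stop)
        # pkill exits non-zero when nothing matched; don't let set -e abort on that
        pkill airodump-ng || true
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

exit 0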

You can enable the script with update-rc.d capture-wifi-data defaults. This will run a two-hour experiment, beginning at the point the Pi is plugged in.

More information at Kali Raspberry Pi/Startup Services

Creating Startup Service

To create the startup service without logging into the Pi, you can mount the SD card from Linux (or a Mac with FUSE or the ability to read ext4 filesystems) and modify the contents of the NON-BOOT partition of the SD card, which contains the Raspberry Pi file system.

You put your startup script into /sdcard/etc/init.d and then you symlink that startup script into whichever run levels you'd like, with the prefix S02, which indicates this is a runtime level 2 or higher service. (The Raspberry Pis boot into runtime level 2 by default, and sshd starts in runtime level 2.)

$ cd /sdcard/etc/init.d/
$ chmod +x capture-wifi-data
$ ln -fs capture-wifi-data ../rc2.d/S02capture-wifi-data

and optionally, what you would do on a heavy duty system that uses multiple runtime levels,

ln -fs capture-wifi-data ../rc3.d/S02capture-wifi-data
ln -fs capture-wifi-data ../rc4.d/S02capture-wifi-data
ln -fs capture-wifi-data ../rc5.d/S02capture-wifi-data
ln -fs capture-wifi-data ../rc6.d/S02capture-wifi-data

The Result

A nice haul of booty from an evening of scanning wifi networks: