forked from br101/horst
-
Notifications
You must be signed in to change notification settings - Fork 0
/
horst.1
139 lines (129 loc) · 4.31 KB
/
horst.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH HORST 8 "August 14, 2012"
.\" Please adjust this date whenever revising the manpage.
.SH NAME
horst \- Highly Optimized Radio Scanning Tool
.SH SYNOPSIS
.B horst
.RB [\| \-h \|]
.RB [\| \-q \|]
.RB [\| \-s \|]
.RB [\| \-i
.IR interface \|]
.RB [\| \-t
.IR sec \|]
.RB [\| \-c
.IR IP \|]
.RB [\| \-C \|]
.RB [\| \-p
.IR port \|]
.RB [\| \-e
.IR mac \|]
.RB [\| \-d
.IR ms \|]
.RB [\| \-o
.IR file \|]
.RB [\| \-b
.IR bytes \|]
.SH DESCRIPTION
\fBhorst\fP is a small, lightweight IEEE802.11 wireless LAN analyzer
with a text interface. Its basic function is similar to tcpdump,
Wireshark or Kismet, but it's much smaller and shows different,
aggregated information which is not easily available from other
tools. It is mainly targeted at debugging wireless LANs with a focus
on ad\-hoc (IBSS) mode in larger mesh networks. It can be useful to get
a quick overview of what's going on on all wireless LAN channels and
to identify problems.
.IP \[bu] 2
Shows signal/noise values per station
.IP \[bu] 2
Calculates channel utilization ("usage") by adding up the amount of time the packets actually occupy the medium
.IP \[bu] 2
"Spectrum Analyzer" shows signal levels and usage per channel Graphical packet history, with signal/noise, packet type and physical rate
.IP \[bu] 2
Shows all stations per ESSID and the live TSF per node as it is counting
.IP \[bu] 2
Detects IBSS "splits" (same ESSID but different BSSID \- this is a common driver problem)
.IP \[bu] 2
Statistics of packets/bytes per physical rate and per packet type
.IP \[bu] 2
Has some support for mesh protocols (OLSR and batman)
.IP \[bu] 2
Can filter specific packet types source addresses or BSSIDs
.IP \[bu] 2
Client/server support for monitoring on remote nodes
.SH OPTIONS
.TP
.BI \-h
Show summary of options.
.TP
.BI \-q
Quiet mode. Don't show user interface. This is only useful in conjunction with running in server mode (\-C) or writing to a file (\-o).
.TP
.BI \-s
Show "spectrum analyzer". The same can be achieved by running \fBhorst\fP as normal and pressing the button 's' (Spec); then 'c' (Chan) and 'a' (Automatically change channel).
.TP
.BI \-i\ intf
Operate on given interface instead of the default "wlan0". Note that the interface is assumed to be in monitor mode already. See MONITOR MODE below on more information about monitor mode.
.TP
.BI \-t\ sec
Timeout (remove) nodes after not receiving packets from them for this time in seconds (default: 60 sec).
.TP
.BI \-c\ IP
Connect to a \fBhorst\fP instance running in server-mode at the specified IP address.
.TP
.BI \-C
Allow client connections. Server mode. Only one client connection is supported at the moment (default: off).
.TP
.BI \-p\ port
Use the specified port (default: 4444) for client/server connections.
.TP
.BI \-e\ mac
Filter all MAC addresses except these. This option can be specified multiple times to show only packets originating from the specified MAC addresses.
.TP
.BI \-d\ ms
Display update interval. The default value of 100ms can be increased to reduce CPU load.
.TP
.BI \-o\ filename
Write a summary packet info into file.
.TP
.BI \-b\ bytes
Receive buffer size. The receive buffer size can be explicitly set to tune memory consumption and reduce lost packets.
.SH MONITOR MODE
\fBhorst\fP should work with any wireleass LAN card and driver which supports monitor mode, with either "prism2" or "radiotap" headers. This includes most modern mac80211-based drivers.
You have to put your card in monitor mode and set the channel manually before
you start \fBhorst\fP. Usually this has to be done as root.
.TP
Using iw:
.nf
iw wlan0 interface add mon0 type monitor
.fi
.TP
Using iwconfig:
.nf
iwconfig wlan0 mode monitor
iwconfig wlan0 channel 1
ifconfig wlan0 up
.fi
.TP
Using madwifi:
wlanconfig wlan0 create wlandev wifi0 wlanmode monitor
.TP
Using hostap:
.nf
iwconfig wlan0 mode monitor
iwpriv wlan0 monitor_type 1
.fi
.SH SEE ALSO
.BR tcpdump (1),
.BR wireshark (1),
.BR kismet (1),
.BI README
.SH AUTHOR
horst was written by Bruno Randolf <[email protected]>.
.PP
This manual page was written by Antoine Beaupré <[email protected]>,
for the Debian project (and may be used by others).