The WLAN Pi is a device designed for assessing, testing, and troubleshooting Wi-Fi networks. It’s a small computer based on the NanoPi Neo2 board that is pre-loaded with a comprehensive set of tools for Wi-Fi professionals, including Kismet, bettercap, HORST, iPerf, and others. It comes with an OLED display, one or two USB ports and a Gigabit Ethernet port. When attaching a compatible Wi-Fi dongle, the WLAN Pi can be used to create a hotspot to profile Wi-Fi clients, run throughput tests, Wi-Fi scanning, packet capturing, and much more. You can find additional information about the WLAN Pi project here.

WLAN Pi

One of the cool things you can do with the WLAN Pi is to use it as a remote sensor in WiFi Explorer Pro. A remote sensor is a device capable of running a Wi-Fi scan on behalf of WiFi Explorer Pro. The results of a remote scan are sent back to WiFi Explorer Pro and displayed in the same manner as the results produced by a scan using the built-in Wi-Fi adapter on your Mac. This capability enables Wi-Fi engineers, for example, to drop a WLAN Pi in some location and connect back to it to perform Wi-Fi scans when necessary.

You can also have the WLAN Pi as an external adapter that WiFi Explorer Pro can use for scanning, while at the same time keeping your Mac connected to a Wi-Fi network using your Mac’s built-in Wi-Fi adapter. Moreover, the ability to use different adapters with the WLAN Pi offers us the possibility to use an adapter with an external antenna and increase the number of networks WiFi Explorer Pro can see.

The WLAN Pi works together with WiFi Explorer Pro out of the box. There are two ways to connect to the WLAN Pi and use it for Wi-Fi scanning in WiFi Explorer Pro:

1. USB On-The-Go

The micro-USB B port on the WLAN Pi supports the USB On-The-Go (OTG) specification. What this means is that when you connect your Mac to the WLAN Pi using a USB to micro-B cable (the same cable you use to power up the WLAN Pi), the WLAN Pi appears in your Mac as an Ethernet device, which is automatically configured via DHCP.

On the Mac, we can use this network interface to communicate with the WLAN Pi, which has a default IP address of 192.168.42.1. A DHCP server running in the WLAN Pi will give your Mac an IP address in the 192.168.42.0/24 network, for example, 192.168.42.14.

RNDIS Ethernet Gadget on Mac

The nice thing about this option is that by simply connecting the WLAN Pi over USB, the WLAN Pi will automatically appear as an external adapter in WiFi Explorer Pro that you can choose for Wi-Fi scanning, and you can carry the WLAN Pi with your Mac, as it is being powered up via the USB port as well.

WLAN Pi as External Adapter

When the WLAN Pi is used as an external adapter, the initial scan may take between 10 and 15 seconds as WiFi Explorer Pro determines the capabilities of the Wi-Fi dongle attached to the WLAN Pi, but then each subsequent scan may take between 3 to 5 seconds, depending on which channels are supported or whether or not there is activity on DFS channels.

2. Remote Sensor

The USB OTG method works very well when you don’t have a network cable around or when you need to carry the WLAN Pi with you as you move with your Mac, but it has two limitations: you cannot connect to multiple WLAN Pis (their IP addresses will be the same, 192.168.42.1) and you cannot use the WLAN Pi a sensor that you can leave behind.

The remote sensor capability in WiFi Explorer Pro allows you to effectively use your WLAN Pi as a sensor you can access remotely. All you need to do is add the WLAN Pi as a remote sensor: go to WiFi Explorer Pro > Preferences > Sensors, add a new remote sensor, enter its _wired_ IP address and give it a name. If you have multiple WLAN Pis deployed in the same network, or different networks, you can create a separate remote sensor for each of them.

Why the wired IP address? Because the Wi-Fi adapter attached to the WLAN Pi will be put into monitor mode for scanning, so it cannot be used to transmit data back to WiFi Explorer Pro. If you cannot wire the WLAN Pi, you could use the second USB port (or a USB hub if your WLAN Pi doesn’t have one), and then attach and configure a secondary Wi-Fi adapter that can be used for the data connection.

Similarly as with the USB OTG method, the WLAN Pi appears as a remote sensor that you can choose for Wi-Fi scanning. And because the WLAN Pi, when used as a remote sensor, leverages the same script to function as an external adapter over the USB OTG connection, the scan performance is practically the same. However, some latency may be introduced at the moment of displaying the scan results depending on various factors, such as the quality of the connection between WiFi Explorer Pro and the WLAN Pi or the number of scan results since this data needs to be transmitted back to WiFi Explorer Pro.

WLAN Pi As Remote Sensor

If the WLAN Pi becomes unavailable during the scan, WiFi Explorer Pro will automatically stop the scan and prompt you to retry connecting to the remote sensor.

Securing the connection between WiFi Explorer Pro and the WLAN Pi

The connection between WiFi Explorer Pro and the WLAN Pi is not secure. All the information about the networks found during the scan is sent in plain text. This is not an issue when WiFi Explorer Pro connects to the WLAN Pi via the USB OTG port since everything happens locally, but when WiFi Explorer Pro connects to the WLAN Pi using a regular network connection, the information can be available to bad actors.

We could argue that even in the case of WiFi Explorer Pro connecting to the WLAN Pi over Ethernet, sending the information unencrypted isn’t really an issue or something to worry about. Anyone can have access to such information if they are physically located within range (a parking lot, for example) of the target networks, running a Wi-Fi scanner or packet capture tool. However, for some organizations, this information might be considered sensitive and a secure mechanism to transmit the data back to WiFi Explorer Pro is required.

There’s also the case where, for example, an organization’s firewall doesn’t allow access to TCP port 26999, the port WiFi Explorer Pro uses to connect to a remote sensor. If the port cannot be open, you will not be able to connect remotely to the WLAN Pi.

In general, we can resolve the firewall issue, and at the same time secure the connection between WiFi Explorer Pro and the WLAN Pi, by using an SSH tunnel. An SSH tunnel is a method to transmit data over an encrypted SSH connection, adding a security layer to applications that do not natively support encryption.

If the WLAN Pi can be reached directly on port 22 (SSH), we can create an SSH tunnel by establishing an SSH connection directly to the WLAN Pi. Otherwise, we may use a gateway machine to forward data back and forth between your Mac and the WLAN Pi. The gateway machine must be a computer reachable from outside the network, on port 22, and that can talk to the target WLAN Pi on port 26999.

To create an SSH tunnel directly to the WLAN Pi, open Terminal in your Mac and type the following command:

ssh -f -L -N 26999:127.0.0.1:26999 <WLAN_Pi_Username>@<WLAN_Pi_Address>

Where WLAN_Pi_Username and WLAN_Pi_Address are the username and address you would normally use to access the WLAN Pi. For example:

ssh -f -N -L 26999:127.0.0.1:26999 [email protected]

The -f parameter tells SSH to run in the background, -N tells SSH that it should not open a console to the target machine and instead only forward the data. The -L parameter tells SSH to forward traffic on the local port 26999 to port 26999 on the target machine. Because the WLAN Pi is both the target and the gateway machine, we can use 127.0.0.1 as the remote address, which tells SSH that the traffic will be forwarded to the local port 26999 on 163.118.78.59.

To create an SSH tunnel using a gateway machine, type the following command instead:

ssh -f -L -N 26999:<WLAN_Pi_Address>:26999 <Gateway_Username>@<Gateway_Address>

Where Gateway_Username and Gateway_Address are the username and address of the machine that is visible from outside the network and that will forward the data between your Mac and the WLAN Pi. WLAN_Pi_Address is the address of the WLAN Pi inside the network. For example:

ssh -f -L -N 26999:192.168.0.10:26999 [email protected]

Then, go to WiFi Explorer Pro and add a remote sensor that has address 127.0.0.1. When you choose this sensor for Wi-Fi scanning, WiFi Explorer Pro will actually connect to a local SSH process running on port 26999. An SSH process running at the other end of the tunnel will connect to the WLAN Pi, also on port 26999, encrypt and forward the data back to WiFi Explorer Pro.

WLAN Pi Secure

Note: Because you cannot modify the port WiFi Explorer Pro uses to connect to the WLAN Pi (currently 26999), you cannot connect to more than one WLAN Pi using an SSH tunnel. In a future version of WiFi Explorer Pro, an option to specify the port will be added to allow for multiple sensors using an SSH tunnel, or to work around possible port conflicts. In this case, you don’t need to modify the actual port the remote sensor runs on, only the port WiFi Explorer Pro uses to connect to the sensor. The local port of the SSH tunnel can be an arbitrary port that then you enter in WiFi Explorer Pro when adding the sensor, but the port the remote sensor runs on will still be the same, 26999.

Conclusion

In this blog we have discussed how to use the WLAN Pi together with WiFi Explorer Pro. The WLAN Pi is a small and convenient device that continues to evolve and provide access to great tools for Wi-Fi professionals interested on assessing, testing and troubleshooting Wi-Fi networks. The integration between WiFi Explorer Pro and the WLAN Pi is a clear demonstration of the possibilities of the WLAN Pi project. If you have any questions or suggestions on how to improve this integration, please contact us. We’d love to hear your feedback.