Highly optimized radio scanning tool
horst [\|-h\|] [\|-q\|] [\|-s\|] [\|-i interface\|] [\|-t sec\|] [\|-c IP\|] [\|-C\|] [\|-p port\|] [\|-e mac\|] [\|-d ms\|] [\|-o file\|] [\|-b bytes\|]
horst is a small, lightweight IEEE802.11 wireless LAN analyzer with a text interface. Its basic function is similar to tcpdump, Wireshark or Kismet, but it's much smaller and shows different, aggregated information which is not easily available from other tools. It is mainly targeted at debugging wireless LANs with a focus on ad-hoc (IBSS) mode in larger mesh networks. It can be useful to get a quick overview of what's going on on all wireless LAN channels and to identify problems.
Shows signal/noise values per station
Calculates channel utilization ("usage") by adding up the amount of time the packets actually occupy the medium
"Spectrum Analyzer" shows signal levels and usage per channel Graphical packet history, with signal/noise, packet type and physical rate
Shows all stations per ESSID and the live TSF per node as it is counting
Detects IBSS "splits" (same ESSID but different BSSID - this is a common driver problem)
Statistics of packets/bytes per physical rate and per packet type
Has some support for mesh protocols (OLSR and batman)
Can filter specific packet types source addresses or BSSIDs
Client/server support for monitoring on remote nodes
-h
Show summary of options.
-q
Quiet mode. Don't show user interface. This is only useful in conjunction with running in server mode (-C) or writing to a file (-o).
-s
Show "spectrum analyzer". The same can be achieved by running horst as normal and pressing the button 's' (Spec); then 'c' (Chan) and 'a' (Automatically change channel).
-iintf
Operate on given interface instead of the default "wlan0". Note that the interface is assumed to be in monitor mode already. See MONITOR MODE below on more information about monitor mode.
-tsec
Timeout (remove) nodes after not receiving packets from them for this time in seconds (default: 60 sec).
-cIP
Connect to a horst instance running in server-mode at the specified IP address.
-C
Allow client connections. Server mode. Only one client connection is supported at the moment (default: off).
-pport
Use the specified port (default: 4444) for client/server connections.
-emac
Filter all MAC addresses except these. This option can be specified multiple times to show only packets originating from the specified MAC addresses.
-dms
Display update interval. The default value of 100ms can be increased to reduce CPU load.
-ofilename
Write a summary packet info into file.
-bbytes
Receive buffer size. The receive buffer size can be explicitly set to tune memory consumption and reduce lost packets.
horst should work with any wireleass LAN card and driver which supports monitor mode, with either "prism2" or "radiotap" headers. This includes most modern mac80211-based drivers.
You have to put your card in monitor mode and set the channel manually before you start horst. Usually this has to be done as root.
Using iw:
iw wlan0 interface add mon0 type monitor
Using iwconfig:
iwconfig wlan0 mode monitor iwconfig wlan0 channel 1 ifconfig wlan0 up
Using madwifi:
wlanconfig wlan0 create wlandev wifi0 wlanmode monitor
Using hostap:
iwconfig wlan0 mode monitor iwpriv wlan0 monitor_type 1
tcpdump(1), wireshark(1), kismet(1), README
horst was written by Bruno Randolf <[email protected]>.
This manual page was written by Antoine Beaupré <[email protected]>, for the Debian project (and may be used by others).