WIFI presence detection

Back in my very first post I talked about using Bluetooth to detect my presence at home in order to disable the CCTV system and control a few other things.

While this works well it does not scale well to multiple people as the Bluetooth layer 2 ping takes about 5 seconds to time out if the device in not in range. This means that at most 12 different phones can be checked in a minute.

A couple of recent chats with a few people at work (Vaibhavi Joshi & Dale Lane and Bharat Bedi) got me thinking about this again. Modern phones tend to have WIFI as well as Bluetooth and 3G radios these days so I thought that I’d have a look at seeing if this could be used to locate devices.

After bit of a poke around it looked like a package called Kisment should be able to do what I wanted.


Kismet is a client server application, the backend server reads from the network card and decodes the packets and the UI which requests data from the server over a socket connection. This also means the backend can be on a different machine, in fact several different drone backends can be consolidated in a single master backend server and all the captured data presented to UI. This means you could distribute a number of drones over site and generate a map as devices move between areas covered by the different backends.

The default client is a ncurses based application that can list all the visible networks and a chart showing the incoming packet rates. It’s great for getting a view of what networks are active which can be very useful when you have to set up a new one and want to see which channels are free.

Rather than use the default client I decided to write my own to drive the backend the way I wanted it and to make exposing the data easier (I’m going to publish detected devices on a MQTT topic). But first I had a bit of a play using the netcat (nc) command. Netcat basically pipes stdin/stdout to and from a given socket, this is useful because the Kisment protocol is just a set of simple text commands. For example the following command will get the kismet backend to return a list of all the clients it has seen to date.

echo -e '!0 enable client MAC,manuf,signal_dbm,signal_rssi' | nc localhost 2501

Returns something that looks like this:

*CLIENT: 00:25:69:7D:53:D9 [0x01]SagemCommu[0x01] -71 0

The only tricky bit about the response is that any field that can contain a space is wrapped in characters with a value of 0x01, in this case the manufacture field could contain spaces so we need the following regexp to chop up the responses for each time a client is spotted.

I decided my client in Java (because the MQTT libraries are easy to use) so I chose to use a regular expression to split up the response

Pattern.compile("\*CLIENT: ([0-9A-F:]*) \x01(.*)\x01 (-?\d+) (\d) ");

By default Kismet cycles round all the available channels to try and get a full picture of all the WIFI traffic in range, but this means it can miss some packets and in turn miss clients that are not generating a lot of traffic. To help get round this I have locked Kismet to just listen on the same channel as my WIFI access point since all my devices are likely to try and connect to it as soon as it comes in range and there is less chance of me missing detecting my phone up front.

!1  HOPSOURCE cab63dc8-9916-11e0-b51a-0f04751ce201 LOCK 13

cab63dc8-9916-11e0-b51a-0f04751ce201 is the UUID assigned to the wifi card by kismet and the 13 is the channel I run my WIFI access point on. You can find the UUID by running the following command:

echo -e '!1234 enable source type,username,channel,uuid' | nc localhost 2501

Which returns a string that looks like this every time the back end hops to new channel.

*KISMET: 0.0.0 1308611701 [0x01]Kismet_2009[0x01] [0x01]alert[0x01] 0 
*SOURCE: orinoco_cs test 3 30b9b5a4-9b93-11e0-acfe-ee054e2c7201 
*ACK: 1234 [0x01]OK[0x01]

Publishing the last seen time on the following topic /WIFIWatch/<mac> allows applications to register to see a specific device and also build up a list of all devices ever seen and when.

WIFI Watch topics

It’s not just phones that have WIFI adapters these days, net books, tablets even digital cameras (with things like eyefi) all have , also with multiple kismet nodes it might be possible to track devices as they move around an area.

Next is to look at the signal strength information to see if I can judge a relative distance from the detection adapter.



Tonight I will mainly be falling off my bike

I got home this evening to find a box waiting by the door.

The box contained my first set of cycling shoes and cleat pedals.

Tonight I will mainly be falling off my bike

I wasn’t sure exactly what I wanted here so I basically picked the cheapest bits on wiggle.co.uk, but a bit of a chat with a few folk (Karl Roche) suggested I’d not done too bad.

I’ve gone for a set of Wellgo WPD982 SPD Pedals. Welgo seam to make pedals for a some of the more well known names and sell them under their own name cheaper than the others. I went for a half and half flat and cleat pedal so I can still use my bike without the shoes.

As for the shoes I got some dhb M1 MTB. There was a road version of these for the same price, but as far as I can tell the only real difference is that the mountain bike version have extra rubber bits on the sole that mean the cleat doesn’t touch the ground, which seamed like a good idea for my first set.

A couple of laps round the local housing estate this evening and I think I’ve got the hang of clipping in and more importantly unclipping before falling over when stopping, but it’s going to take a bit more practice before I head out on roads with any real traffic.

Tracks2Mile 1.1.4 – With automatic details import

After discovering that my patch for My Tracks had been pulled just before their last release (1.1.5) I’ve been looking for another way to get the information about time and distance.

After another closer look at the instructions 3rd party use instruction on the wiki and it’s possible to access the My Tracks database directly. Running a query that filters on the workout title, which I can get from the GPX files name, I can get hold of all the information. It is possible to have multiple workouts with the same name so I’m picking the last one added to the db since this has to be the most likely one you’ll be wanting to upload.

Since I’m reading direct from the database there is also the problem that if the My Tracks guys change the table layout then I could have a problem. The API provides a method that returns a Track object which holds the data but you can only use this if you know workout id, but this available at the moment.

I’ll probably stick a new patch in for My Tracks to pass the workout id so I don’t have to make this assumption, but it should be good enough for now.

Other fixes include:

  • One to stop caching photos in memory before writing them to the sd card to prevent OutOfMemoryErrors
  • Closed a couple of windows where the database was accessed after it’s been closed.

Grab it from the Android Market here