Ever support cloud-based wireless access points that don’t show the uptime of the access point? I can think of at least one vendor where the uptime of the access points is not available via the cloud management dashboard. Support can typically provide the uptime, but frequently reaching out to support for that information proves tedious and tiresome. The ‘lswifi’ tool is a handy way to find the uptime (and many other important details) of the access points by using the timestamp in the beacon frames. Because the timestamp in the beacon frame keeps incrementing from the time the access point (SSID) comes online, the tool does the math for you and tells you approximately how long the AP has been up. The only caveat is that you have to be onsite, or close enough to the access point to hear the beacon frames. The minimum signal strength can be specified in the command options, which lets you exclude distant SSIDs. I’ve included two links at the bottom to the tool, which cover how to install it and get started.
The output of the command includes many helpful columns, including SSID, BSSID, RSSI, 802.11 PHY, number of spatial streams, security elements, 802.11 amendments supported, and AP uptime. The output below shows all SSIDs with a signal of -60 dBm or stronger. This is the default output of the command with the aforementioned signal strength added. If you look closely at the channel column, you’ll see one of the issues we deal with as wireless professionals: access points using channel 4, which we all know is against best practices. I long ago considered the 2.4 GHz frequency best-effort at my house due to these types of neighboring networks.

Below is a screenshot of the output of the -help option, which lists all of the available options. Different options will include different output columns.

This tool could be useful in discovering person-in-the-middle attacks in a known environment. An enterprise network will typically consist of the same model of access point, and a person-in-the-middle is unlikely to be using that same model. Noting differences in the access points’ characteristics, particularly spatial streams and supported PHYs and amendments, could allow easy discovery of a rogue access point masquerading as an internal one.
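The comparison described above can be automated against a known-good baseline. The following is an added example, not part of the original post or of lswifi: the SSID, BSSIDs, field names and scan records are constructed for illustration and do not reflect lswifi's actual output format. It also derives the approximate uptime from the beacon timestamp, which counts microseconds.

```python
from datetime import timedelta

# Expected characteristics of the enterprise AP model for each managed SSID.
# Constructed baseline; the field names are assumptions for this example.
BASELINE = {
    "CorpNet": {"streams": 4, "phy": "ax", "amendments": frozenset({"k", "r", "v"})},
}

# Constructed scan records, not real lswifi output.
# tsf_us is the 64-bit beacon timestamp, which counts microseconds.
SCAN = [
    {"ssid": "CorpNet", "bssid": "02:00:00:aa:00:01", "streams": 4, "phy": "ax",
     "amendments": {"k", "r", "v"}, "tsf_us": 3_888_000_000_000},
    {"ssid": "CorpNet", "bssid": "02:00:00:bb:00:02", "streams": 2, "phy": "n",
     "amendments": set(), "tsf_us": 5_400_000_000},
    {"ssid": "NeighborWiFi", "bssid": "02:00:00:cc:00:03", "streams": 2, "phy": "ac",
     "amendments": {"k"}, "tsf_us": 86_400_000_000},
]


def beacon_uptime(tsf_us):
    """Convert a beacon timestamp (microseconds) to approximate uptime."""
    return timedelta(microseconds=tsf_us)


def find_suspect_aps(scan, baseline):
    """Return managed-SSID BSSIDs whose advertised capabilities differ from baseline."""
    findings = []
    for ap in scan:
        expected = baseline.get(ap["ssid"])
        if expected is None:
            continue  # not one of our SSIDs, so nothing to compare against
        diffs = {}
        for field, want in expected.items():
            got = ap[field]
            if isinstance(want, frozenset):
                got = frozenset(got)  # compare amendment sets regardless of type
            if got != want:
                diffs[field] = (want, got)
        if diffs:
            findings.append({"bssid": ap["bssid"], "ssid": ap["ssid"],
                             "uptime": beacon_uptime(ap["tsf_us"]), "diffs": diffs})
    return findings


if __name__ == "__main__":
    for f in find_suspect_aps(SCAN, BASELINE):
        print(f["bssid"], f["ssid"], "uptime", f["uptime"], sorted(f["diffs"]))
```

A BSSID flagged this way is a lead to investigate, not proof of an attack; a replaced or misconfigured legitimate access point would show the same mismatch.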
One additional caveat is that the tool is only available for Windows. If you’re looking for another tool for your toolbox, I encourage you to use the link below to download the tool and take it for a test drive. We can never have enough options for troubleshooting wireless-related complaints.