Hey, nice job on this :) I just wanted to mention that in case you are not aware, it is against the law to sniff packets. The only exception is to sniff on your own network, and only to protect it.

It is unfortunate, otherwise it would be really nice to come up with ways to use it!

At least you should put a "big fat" warning that the use of sniffing is most likely be illegal.

Trying to fix https://github.com/schollz/howmanypeoplearearound/issues/6 This does the full build but does not provide any data packets on my Mac but maybe others will have more luck on more promiscuous OSes.

To use:

• $ docker build -t howmanypeoplearearound .
• $ docker run -it --rm --name howmanypeoplearearound howmanypeoplearearound

Help needed- Does its detect only phones listed in the code? It detects wonderfully my HTC phone, but not OnePlus, MI or Xiomi phone.

Issue - The count of cellphones takes into account rssi~0 also, which seems to be incorrect output.

This can be helpful on MacOS where you can capture on the interface while still attached to the wifi (using the Wireless Diagnostic tool) or in general when you already have a pcap file.

It's basically self explanatory but still there are very less video explainations,kindly add some video Tutorials as there are many noobs and this project is very cool

What is the simplest standalone hardware setup you would recommend for this?

What service would you run to be able to access the graphed results on another device's web browser?

https://ask.wireshark.org/questions/7976/wireshark-setup-linux-for-nonroot-user This approach is used in the Dockerfile

Also verify that Python and pip are installed.

When I try to use analyze or loop as per the instructions, it says no such command. Some of the other ones work, and when I pull up the help info, it only lists these:

  -a, --adapter TEXT   adapter to use
  -s, --scantime TEXT  time in seconds to scan
  -o, --out TEXT       output cellphone data to file
  -v, --verbose        verbose mode
  --number             just print the number
  -j, --jsonprint      print JSON of cellphone data
  -n, --nearby         only quantify signals that are nearby (rssi > -70)
  --nocorrection       do not apply correction
  --help               Show this message and exit.

Any ideas?

https://github.com/schollz/howmanypeoplearearound/blob/master/howmanypeoplearearound/main.py#L159-L161 Is this correct? It probably is correct, and my knowledge is weak. :-(

I am using python 3 on windows, run command in command line like this: pip install howmanypeoplearearound and finally it shows: Successfully installed howmanypeoplearearound-0.3.1 netifaces-0.10.5 pick-0.6.3 However, when run command: howmanypeoplearearound failed: Traceback (most recent call last): File "C:\Users\win10\AppData\Local\Programs\Python\Python36-32\Scripts\howmanypeoplearearound-script.py", line 11, in <module> load_entry_point('howmanypeoplearearound==0.3.1', 'console_scripts', 'howmanypeoplearearound')() File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 560, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 2648, in load_entry_point return ep.load() File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 2302, in load return self.resolve() File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 2308, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\howmanypeoplearearound\__main__.py", line 11, in <module> from pick import pick File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pick\__init__.py", line 3, in <module> import curses File "c:\users\win10\appdata\local\programs\python\python36-32\lib\curses\__init__.py", line 13, in <module> from _curses import * ModuleNotFoundError: No module named '_curses' PS C:\Users\win10> howmanypeoplearearound Traceback (most recent call last): File "C:\Users\win10\AppData\Local\Programs\Python\Python36-32\Scripts\howmanypeoplearearound-script.py", line 11, in <module> load_entry_point('howmanypeoplearearound==0.3.1', 'console_scripts', 'howmanypeoplearearound')() File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 560, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 2648, in load_entry_point return ep.load() File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 2302, in load return self.resolve() File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pkg_resources\__init__.py", line 2308, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\howmanypeoplearearound\__main__.py", line 11, in <module> from pick import pick File "c:\users\win10\appdata\local\programs\python\python36-32\lib\site-packages\pick\__init__.py", line 3, in <module> import curses File "c:\users\win10\appdata\local\programs\python\python36-32\lib\curses\__init__.py", line 13, in <module> from _curses import * ModuleNotFoundError: No module named '_curses'

What's the problem?

For one timepoint my dumped JSON file contains the following (redacted), with two MAC addresses separated by a comma, where there is usually a single MAC address:

{"rssi": -77.0, "company": "Apple, Inc.", "mac": "48:43:7c:XX:XX:XX,23:eb:f7:XX:XX:XX"}

This causes a syntax issue in the Javascript generated for analysis that looks like the following, causing the analysis to not display:

var mac48437cXXXXXX,23ebf7XXXXXX = {
  x: timex,
  y: [rssi-numbers-omitted],
 name: '48:43:7c:XX:XX:XX,23:eb:f7:XX:XX:XX', mode: 'lines', type:'scatter' };

Not sure how to replicate it, as I don't have a raw Wireshark dump file matching it. There seems to be the implicit assumption that wireshark will never emit two mac addresses in a single line like that, which should probably be improved on by either dropping the line or splitting the mac address field and duplicating the result. However, given I am not sure why it occurred, I am not sure what the best course of action should be.

We can also exploit the contact tracing being added to iOS and Android to answer the question "how many people are around?". Cell phones are transmitting ephemeral IDs with BTLE and we can sniff that with tshark. I have described the method here:

https://xakcop.com/post/how-many-people/

If you think this fits into the project, I can start working on a PR :)

Hi @schollz , first things first, thanks for making such a cool project.

I was trying to use this on my mac osx. And here's what I did.

1. Connected to wifi
2. Ran

$ brew install wireshark
$ brew cask install wireshark-chmodbpf
$ sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -z

3. Installed the pip package, and ran howmanypeoplearearound

I see a very big list of options

I'm not sure which one is my wifi adapter that supports monitor mode. Is there any way to figure that out?

Also, I tried to bruteforce and give it a shot with all the option but everytime the response after scanning is Found no signals, are you sure en0 supports monitor mode?

Can you please help if I'm missing any step?

This change adds a capture filter so that tshark only captures probe requests, ignoring all the other traffic that comes up when a wireless interface is listening in monitor mode.

It uses the following pcap capture filter: "type mgt subtype probe-req" pcap-filter docs: https://www.tcpdump.org/manpages/pcap-filter.7.html

By using a pcap filter, there is less information in the temporary pcap file to parse. Hopefully this slightly optimizes the code.

PS. This is my first pull request! I hope it is helpful, but my sincerest apologies if this is irrelevant or unhelpful. Thanks again for sharing this project and your awesome documentation!