I am working in a testing lab where people take tests. The director that runs it wants me to be able to scan and see if anyone taking a test has their phones wifi turned on (they are not allowed to access the internet during the tests).

I have been researching nmcli dev wifi and iw dev (cardname) scan and am getting inconsistent results.

Can anyone point me in a better direction to see (not connect to) any phone wifi that is turned on?

Examples:

Without knowing your network infrastructure pointing you in a better direction is really not possible.

Do you have an access point inside the lab itself? How many access points are detectable inside the lab?

How many mobile phone services are available and have decent signal strength in the lab?

Phones do not have to be connected to WiFi to access the internet and the simplest way to prevent people from using the internet is to collect their devices and lock them up.

If the lab access point or closest AP connects directly to a bigger LAN then a simple nmap scan would find everyone not just wifi or phones in a single location. Depending on AP it could provide a list of connected devices if you had direct access but then you can not tell if they are inside or outside the lab.

Some WiFi devices send periodic ping/broadcast messages which would indicate it is on for devices not connected to an AP.

nmap thank you.

Fair enough is there a way to see any devices with a SIM internet connection that are nearby? I had not thought of that..

The nmap utility will only show the phones which are registered to your wireless network.

You might look at kismet instead, but the point about the SIM cards would still stand.

There are charging stations which are basically tiny lockers with keys and universal adapters inside. Your best bet would be to get one of those and have people check their phones into the locker on the way in.

Maybe look for bluetooth nodes?

Yes thanks I am already scanning for bluetooth standard and BLE. We're not able to pat people down (world aint like it used to be) and you may be shocked but the 'honor' system of not bringing a phone into the room isn't always followed , hence this request from the lady that runs the testing center..

Oh. Patting might not be necessary, wanding should suffice. :P

There are a lot of "HAT"s for Raspberry Pis, some of which could check for 2G/3G/4G signals and guess at proximity when combined with the right coding.

I'm not serious but you can build or buy your own fake base station and therefore phones will connect to it verses the real network. There is software to detect fake stations so it may not work in all cases.

A spectrum analyzer in the lab to detect see when a phone broadcasts a RF signal. A good analyzer is not cheap.

Build a Faraday cage inside the lab which will prevent any RF signal from entering. If any AP or cell phone repeater is in the lab itself you can remove power to the device. Not cheap either.

Buy RF shield bags for the testers but if you only work on the honer system then it isn't going to work either.

Again the easiest and cheapest method is to collect their phones.