Note that it does take some practice. I suggest you try finding a known access point first. Also, be prepared to answer dumb questions from the police and officials. To the clueless, you will probably look like a terrorist.
Thanks for that. Searching for the proper terms does seem to enhance the result set returned by Google.
Great suggestions!
LOL! I actually got pulled over about 1 this morning while war driving and testing out my cantenna setup. It was a riot! They wanted to know what "that gun looking thing" was...(it was my new cantenna with a pistol grip).
They did ask me to please do it during daylight hours (they said they have been having problems with some burglaries and such). But, my slowly cruising the 'hoods and jamming up traffic during the day will certainly piss them off too. I'll just remind them that it was their idea - not mine.
War driving is addictive. I did it for 3-4hours and found approx 600 wireless access points. About 30% have no protection whatsoever. About 50% have WEP (really no security wahtsoever). And the other 20% have WPA+.
Sweet.
I'm using WirelessMon right now. It is pretty good. I use the RSSI values to home in on a signal. Then, I realize I am chasing a reflection and go on the opposit direction (lol).
I am considering a 3 cantenna setup where the left and right cantennas are offset by -45 degrees and + 45 degrees. I'll need software that can watch 3 antennaes simultaneously - which means I may have to write it (or pay someone to write it) - but it may be worth the trouble.
Thanks so much for your help!
P.S. I added a green laser pointer to my setup to help locate wireless access points from outside multi-floored buildings. Don't know if it'll help much, but it looks cool.
It's different if you are wardriving around, and can have a laptop + the cantenna all in the car...
If you are trying to locate rogue AP's around your company/school, then how are you physically gonna carry the required "stuff" around the floors & halls ?
Since you mention "building & room", it's hard to guess exactly your "situation" ?
My height of stupidity was walking around a shopping center parking lot, in the middle of the afternoon, with a 20ft foot fiberglass pole,
19dBi dish antenna, into a laptop and portable spectrum analyzer. It took the police about 90 minutes to arrive. They would have ignored me, but after about a dozen phone calls from panicy shoppers, they were curious. I was ready. I had copies of my FCC GROL license, ID's, business cards, printed data on the hardware, etc. The business cards were a mistake, as I later received the traditional "can you fix my computer" type calls.
This was not the first time I attracted attention. When I got my first laptop (Zenith Z180) back in the late 1980's, I decided to try logging in via accoustic modem in a pay telephone booth. It took me about 15 minutes to convince the sheriff that I wasn't using the computer to steal money out of the pay telephone.
Who is "they"?
Night time is better. The moving vehicles create reflections, which are a major problem for direction finding. When the parking lots and streets empty, it's much eaasier. There's also less RFI (interference) from other Wi-Fi systems.
Around here, about 20% have the default SSID and no encryption, which indicates that they've never been configured. Shooting fish in a barrel has never been very interesting.
Reflections are always a problem. That's why I indicated that you should use map and draw as many lines of position from as many different locations as possible. Many of these lines will be obvious reflections, but the bulk of them will cross at one point. There is also software to help do this, but I can't seem to find any at the moment. There's also some equipment I've designed that will help, but I'll need permission to discuss it. This might help:
Bad, very bad idea. The cantenna does not have a narrow enough beamwidth. It's also not really symmetrical. See:
That's a beamwidth of about 70 degrees. Not very good for direction finding.
What you want is a commerical dish antenna. The 24dBi variety have a beamwidth of about 7 degrees. Nice and sharp, which is great for pointing, but also good for eliminating inteference and reflections coming from any direction except straight ahead. The problem is that the 24dBi dish is big and heavy. However, there are 15 and 19dBi versions which are good enough. You can also use a panel antenna, but watch out for side lobes, which will cause some doubt as to the exact direction. Forget about yagi's as they have far too many side lobes.
One big problem is too much gain when you're close. A 24dBi dish is great for long range and sharp aiming. It's a disaster when you're really close and find that the receiver is overloaded. You'll need an RF attenuator (usually with N connectors) to reduce the signal to reasonable levels.
Another problem when you get close is that you can unplug the antenna and still hear the signal. Most wireless laptops and access points are not very well shielded. You may find yourself working with the laptop inside a shielded metal box. I use a carboard box, lines with aluminum foil, and a brass wire screen on one side to view the LCD.
Also a bad idea. Point that in someone's face and you're going to draw fire. Use a telescope or sight tube (piece of plastic pipe) for sighting. If on top of a pole, use a cheap USB camera.
I can see you're going to need some practice with this. Try it in your own neighborhood first. I think you'll find it somewhat challenging until you shake out the bugs in your equipment and technique.
I feel ya. I do small business networks and constantly get calls to go to people's homes to fix their kid's PC or remove spyware and crap. I refuse all home calls except for the employees of the companies that I suuport. (I'd refuse those too, but I want to help keep thier home systems clean as to not infectthe business when they take stuff back and forth between home and work.)
I used to write the software that programmed payphones. Had to leave there when the owner of the company started having death threats FAXED to the office because of his business practices.
The nice policemen that pulled me over.
Not to mention less traffic (since I do it driving).
No, it really is no fun at all. But, I am gathering data for a newspaper article also, and the number of insecure systems is simply shocking.
I've actually had pretty good luck with the cantenna and close monitoring. Not so much luck in the daytime as at night.
what about covering the end of the cantenna with foil and cutting a thin slit in it to allow signal in?
Good idea.
My targets were business buildings at night. Reduces the chance of drawing fire or accidentally blinding someone. After i tried it a couple of times, the bright green beem and spot was sure to draw interested parties (police), so I packed in the laser and just stuck with the cantenna.
Yep. I can see that there is a bit to learn about not only the theory, but also about my own equipment's idiocyncracies. But, it's fun - so practice is no problem.
Now that you have jumped into this RDF thread with both feet, could you consider obtaining the airsleuth package so we might learn why the s/w aborts with:
"Check for security id failed -- would you like to run the application in simulation mode?"
This is on the Proxim hardware the package is supposed to support. Some many months ago you were 'too busy' for 'more projects', but IMHO this one has merit.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.