Basic suggestions requested for initial war driving from home

Discussion in 'Wireless Internet' started by Lin, Jul 23, 2013.

  1. Lin

    Lin Guest

    I will state outright that I'm very interested in *learning* how to
    connect to whatever is (randomly) connectible within range of my home
    WiFi.

    I don't yet know *what is connectible* around my house (i.e., what is
    wide open) - but that's what I want to find out.

    To that end, I just bought a 2.5 GHz Ubiquiti Nanobridge M2:
    http://dl.ubnt.com/datasheets/nanobridgem/nbm_ds_web.pdf

    Googling, it looks like my amplification will be about 41 dB (about 13
    times), given these average numbers from the spec sheet:
    1. Transmit power = ~23 dBm (200 mW)
    2. Antenna focus/amplification = ~18 dBi

    Googling, I see "Jeff L." says they lie, so let's just assume 10X
    for now, which should be good enough to pick up *something* on the
    radar around my home.

    Since, "Jeff L." says the sensitivity is just as important, the figures
    seem to be (depends greatly on the channel) about:
    3. Receive sensitivity = ~90 dBm

    So, given I don't know all that much (but I've googled a bit) about
    "war driving" (although I want to do so from home), what else do I
    need to buy or download in order to begin my home survey to find what
    I can connect to randomly (presumably only open WiFi radiations)?
     
    Lin, Jul 23, 2013
    #1

  2. Lin

    Lin Guest

    I should mention that I'm on Linux and I've installed (but not yet
    used) the following freeware:

    $ sudo yum install kismet (installed /usr/bin/kismet)
    $ sudo yum install wireshark (no executable was installed though)
    Note: I could not find a netstumbler repository for CentOS.

    Q: What other software is recommended for seeing what I can connect
    to (i.e., wide open WiFi access points) from home?
     
    Lin, Jul 23, 2013
    #2

  3. http://madwifi-project.org/wiki

    --
    p-0.0-h the cat

    Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
    Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
    Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
    the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
    the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
    shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
    smug prick, smartarse, arsehole, moron, idiot.

    Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
    By Appointment to God Frank-Lin.
     
    p-0''0-h the cat (ES), Jul 23, 2013
    #3
  4. mike

    mike Guest

    Any device with WiFi should do:
    PDA, cellphone, laptop.
    I use a Dell Axim x51v for such things.
     
    mike, Jul 24, 2013
    #4
  5. Lin

    Lin Guest

    Hello Pooh,

    I read that page, and it appears to contain an advanced WiFi driver
    for Atheros chipsets.

    I presume the reason is that these advanced drivers might be able
    to be set in promiscuous mode?

    If so, having no idea what *my* wifi driver chipset was, I ran:
    $ /sbin/lspci -knn | grep -i network
    which revealed an Intel chipset (and not Atheros) starting with 03:00.0.

    $ /sbin/lspci -vv -s 03:00.0 | grep driver
    revealed the driver currently being used is iwlwifi.

    $ /sbin/modinfo iwlwifi | grep filename
    revealed the location and file name of the driver:
    /lib/modules/<linux kernel path>/kernel/drivers/net/wireless/iwlwifi/iwlwifi.ko

    Am I correct in guessing that the advanced WiFi drivers are so that
    we can better control an (Atheros) chipset for wardriving purposes?
     
    Lin, Jul 24, 2013
    #5
  6. miso

    miso Guest

    No. You need a device that has monitor mode. [I used to think
    promiscuous mode was required, and I probably have posted that a few
    times. However, what you need is monitor mode.]

    The Alfa tube-u with the N connector on it is excellent. The chipset has
    monitor mode.
    You do not want to use netstumbler. Use Kismet.
     
    miso, Jul 24, 2013
    #6
  7. Ah! you got me. I don't use the command line under Linux, but under
    FreeBSD, and I use atheros chipsets.

    The syntax looks very similar.

    Under FreeBSD

    ifconfig -v wlan0 list scan # from recollection

    'list scan' lists the ap's and ad hoc devices held in the cache built up
    during background scanning.

    ifconfig -v wlan0 scan

    This clears the cache and initiates a scan. Of course this provides a
    more current list free from dead entries, but a single scan won't pick
    up the beacon frames from all available ap's and ad hoc devices, so to
    get output similar to netstumbler but without dead entries you really
    need to write a script to do several scans and aggregate the results or
    accept list scan's limitations. It's probably OK for your purposes.

    I'm guessing the extensions mentioned [or lack of relates to WME] but
    maybe not, I just know madwifi is the daddy.

    If you are just looking for open AP's this seems fine

    SSID BSSID CHAN RATE S:N INT CAPS
    eddie 00:06:25:e8:3a:05 6 54M 36:0 100 EPs

    CAPS column shows from recollection

    E = ESSID = AP
    P = protected
    s = ?

    I get lots of other stuff to the right with FreeBSD so I guess you may
    need -v

    I dunno how it works under linux, but on later editions of FreeBSD you
    no longer configure the physical adapter [ath*] but have to create a
    network pseudo-device, weird name, like another layer that sits on top,
    usually called wlan0. That way if things get borked you can destroy and
    [re]create it. Forget syntax, but involves the word create.

    --
    p-0.0-h the cat

    Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
    Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
    Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
    the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
    the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
    shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
    smug prick, smartarse, arsehole, moron, idiot.

    Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
    By Appointment to God Frank-Lin.
     
    p-0''0-h the cat (ES), Jul 24, 2013
    #7
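
The aggregation script the post above describes, as an added example that is not part of the original thread: it merges several `list scan` outputs by BSSID and reports which access points advertise no privacy bit, which is the check you would run against your own APs. The column layout and the `E`/`P` flags follow the post; every sample row except "eddie" is constructed, and the function names are hypothetical.

```python
import re

# The BSSID is the one unambiguous token on a row; the SSID before it may contain spaces.
BSSID_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.IGNORECASE)

HEADER = "SSID BSSID CHAN RATE S:N INT CAPS\n"
# Constructed output of three successive scans (only the "eddie" row is from the post).
SCANS = [
    HEADER + "eddie 00:06:25:e8:3a:05 6 54M 36:0 100 EPs\n",
    HEADER + "eddie 00:06:25:e8:3a:05 6 54M 34:0 100 EPs\n"
             "guest lounge 02:00:00:aa:bb:01 11 54M 20:0 100 Es\n",
    HEADER + "guest lounge 02:00:00:aa:bb:01 11 54M 22:0 100 Es\n"
             " 02:00:00:aa:bb:02 1 54M 12:0 100 EP\n",
]

def parse_scan(text):
    """Yield one dict per AP row; header and blank lines carry no BSSID and are skipped."""
    for line in text.splitlines():
        m = BSSID_RE.search(line)
        if not m:
            continue
        fields = line[m.end():].split()
        if len(fields) < 5:
            continue  # truncated row
        yield {
            "ssid": line[:m.start()].strip() or "<hidden>",  # AP that sends no SSID
            "bssid": m.group(0).lower(),
            "chan": int(fields[0]),
            "signal": int(fields[2].split(":")[0]),  # S part of S:N
            "caps": fields[4],
        }

def aggregate(scans):
    """Merge scans by BSSID, keeping the strongest signal and a sighting count."""
    seen = {}
    for text in scans:
        for row in parse_scan(text):
            entry = seen.setdefault(row["bssid"], dict(row, sightings=0))
            entry["sightings"] += 1
            entry["signal"] = max(entry["signal"], row["signal"])
    return seen

def unprotected(seen):
    """BSSIDs of APs (E) that do not advertise the privacy bit (P)."""
    return sorted(b for b, e in seen.items() if "E" in e["caps"] and "P" not in e["caps"])

if __name__ == "__main__":
    table = aggregate(SCANS)
    for bssid, e in table.items():
        print(f'{e["ssid"]:<14}{bssid} ch{e["chan"]:<3} S={e["signal"]:<3} '
              f'{e["caps"]:<4} seen {e["sightings"]}/{len(SCANS)}')
    print("no privacy bit:", unprotected(table))
```

The sighting count separates entries seen in every scan from ones that appeared once, which is the dead-entry problem the post mentions.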
  8. Lin

    Lin Guest

    I just realized that the external antenna I am contemplating
    buying uses Atheros chipsets (as do many wifi radios); so your
    wonderful site for Atheros drivers may still come in handy.

    I will bookmark that site for future use!

    Thanks - and - you're very intelligent - which is something
    that's appreciated!
     
    Lin, Jul 24, 2013
    #8
  9. Lin

    Lin Guest

    I am always confused which is needed, monitor or promiscuous!
    A friend gave me a Ubiquiti Bullet M2 yesterday.
    It came screwed onto a 14 dBi flat planar antenna, which I might
    replace with a lower-range but wider-area dipole for convenience.

    This datasheet indicates it uses the Atheros chipset (MIPS 24KC, 400MHz),
    http://dl.ubnt.com/datasheets/bulletm/bm_ds_web.pdf

    So Pooh's Atheros driver web site should be useful:
    http://madwifi-project.org/wiki

    At 23 dBm to 28 dBm transmit power with the 14 dBi antenna, my EIRP
    should be roughly 40 dB with a sensitivity able to pick up signals
    as low as -75 dBm to -83 dBm.

    That should pick up some open access points within a few miles,
    don't you think?
     
    Lin, Jul 24, 2013
    #9
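
A free-space link budget using the figures quoted in the post above (23 dBm transmit power, 14 dBi antenna, -83 dBm sensitivity), as an added example that is not part of the original thread. It shows how far away an access point stays within reach of a station with a high-gain antenna; the access point's parameters, the 2437 MHz channel and the fade margin are assumptions, and the function names are hypothetical.

```python
import math

def dbm_to_mw(dbm):
    """Convert a power level in dBm to milliwatts."""
    return 10 ** (dbm / 10)

def eirp_dbm(tx_dbm, antenna_dbi, cable_loss_db=0.0):
    """EIRP is transmit power plus antenna gain minus feed losses, in dBm."""
    return tx_dbm + antenna_dbi - cable_loss_db

def fspl_db(d_km, f_mhz):
    """Free-space path loss in dB for a distance in km and a frequency in MHz."""
    return 20 * math.log10(d_km) + 20 * math.log10(f_mhz) + 32.44

def max_range_km(eirp, rx_gain_dbi, rx_sens_dbm, f_mhz, margin_db=0.0):
    """Distance at which the received level falls to sensitivity plus margin."""
    allowed_loss = eirp + rx_gain_dbi - rx_sens_dbm - margin_db
    return 10 ** ((allowed_loss - 32.44 - 20 * math.log10(f_mhz)) / 20)

F_MHZ = 2437  # channel 6 (assumption)
STATION = {"tx": 23, "gain": 14, "sens": -83}  # figures quoted in the post
AP = {"tx": 18, "gain": 2, "sens": -85}        # typical home AP (assumption)

def link_range_km(margin_db=0.0):
    """A two-way link only works out to the shorter of its two directions."""
    down = max_range_km(eirp_dbm(AP["tx"], AP["gain"]),
                        STATION["gain"], STATION["sens"], F_MHZ, margin_db)
    up = max_range_km(eirp_dbm(STATION["tx"], STATION["gain"]),
                      AP["gain"], AP["sens"], F_MHZ, margin_db)
    return min(down, up), down, up

if __name__ == "__main__":
    print(f"23 dBm = {dbm_to_mw(23):.0f} mW")
    print(f"station EIRP = {eirp_dbm(STATION['tx'], STATION['gain'])} dBm")
    for margin in (0, 20):  # 20 dB allows for walls, foliage and fading (assumption)
        usable, down, up = link_range_km(margin)
        print(f"margin {margin:>2} dB: AP->station {down:.2f} km, "
              f"station->AP {up:.2f} km, usable {usable:.2f} km")
```

The zero-margin figures are a line-of-sight upper bound; each 20 dB of obstruction or fade margin cuts the distance by a factor of ten.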
  10. miso

    miso Guest

    I guess this all depends on how you define war driving. I view it as a
    passive event. I just monitor and log. That said, I again repeat myself,
    your chip set needs monitor mode to do a passive scan.

    Now if you are going to use some open wifi, then there is no need for
    stealth, so just about any adapter will work.

    I don't like those parabolic reflectors. They don't travel well. They do
    work. I was given an old MDS antenna. I prefer panel antennas. My panel
    antenna is in the car, so I don't have the model handy, but I think it
    does 16db. That will do about 5 to 8 miles with the alfa tube-u. This is
    in an environment without a lot of other signals.

    As a FYI, there is a lot of wifi out there that will not show up on
    netstumbler. Utility companies have wifi interfaces to access
    transmission line telemetry. The railroads have wifi for reasons I don't
    recall. The backhaul often doesn't transmit a SSID.

    If you really want to do a site survey, you need kismet. If you want to
    borrow some wifi, netstumbler will do. I'm not sure netstumbler will pick
    up idle wifi clients. That is, any device that has a list of sites to
    quick connect will be broadcasting to find those sites.
     
    miso, Jul 25, 2013
    #10