LINEBURG


<< . .

 11
( 36)



. . >>


War driving software has no problem scanning at freeway speeds, although range is limited.
And you can start the laptop and leave it alone during normal commutes or take side trips on
the way home just because you haven™t scanned that area before. Regular war drivers frequently
go out of their way to grab the signals along a stretch of road they haven™t war driven before. If
you become enamored with the results of your war driving, it becomes a numbers game where
you seek the highest number of access points found.
Keep in mind that the software does most of the work during war driving. You just need to
keep the laptop running. Figure 5-2 shows how all this comes together.
105
Chapter 5 ” Gearing Up for War Driving




FIGURE 5-1: On a daytime war drive bathed in wireless.




FIGURE 5-2: Equipment setup for a typical war drive.
106 Part II ” War Driving


It All Starts with the Wireless Adapter
The essence of war driving is to use the innate capacity of a wireless network adapter to scan
for networks, just as it was designed to do. The IEEE specification for 802.11b (and other
802.11 specs) specifically requires that an adapter be able to detect wireless networks in
the area. The design calls for a user to bring up some sort of network selector and be able
to choose the network as displayed by the SSID. War driving software in general exploits
this scanning ability, with the special distinction that it records and saves the networks for
later review.

Recall from setting up your wireless access point in Chapter 4 that an SSID is the identification
broadcast by a wireless access point. War drivers will record the SSID along with a host of other
information sent out by the access point.



You need to plug in the adapter somewhere, so it really starts with a computer. Since computers
come in every form, it is important to determine the interconnections available.


Types of Adapters
The explosion of Wi-Fi products on the market has created every form imaginable for wireless
network adapters. Recent mass-market developments have begun the transition from external,
after-market devices like PCMCIA cards and USB adapters to integrated wireless devices,
such as laptops using Intel Centrino mobile technology and PDAs with built-in Wi-Fi
adapters. See Table 5-1 for a general overview of the types of adapters available.



Table 5-1 Types of Adapter Interfaces
Type Advantage Downside

PC Card, Most popular. Easy to find with external Sits in laptop. Needs external
PCMCIA connector antenna for range
PCI Most have external connector Not compatible with laptop or PDA
devices
USB Easy to mount remotely. USB cable can Does not usually have external
run more than 10 feet antenna connector
Integrated Wi-Fi Comes built-in to computer Does not usually have external
connector. May not work with WD
software
Compact Flash Works in PDAs. Can work in laptop with Does not usually have external
adapter connector
107
Chapter 5 ” Gearing Up for War Driving


You will have the best luck getting software to work with an after-market adapter. Most inte-
grated devices do not have the open-development community backing the drivers and inte-
gration needed for the most popular war driving software. But don™t give up. Everything is
worth a try!


When choosing an adapter, look for a few key items:

Is the adapter supported by your computer? Most war driving software requires that the
Wi-Fi card be supported by your computer™s operating system (such as Windows) before
it is recognized by the software.
Is the adapter supported by the war driving software? War driving software tends to
work only with specific cards with each specific program. And, since most war driving
software is the result of a labor of love, comprehensive lists of supported cards are not
generally available. On the plus side, war driving software tends to support more cards
with each new release.
Does the adapter sport an external connector? If you™re using a USB card, placing the
adapter high up in the car works similar to an external antenna. When you™re using a PC
card, an external connection is necessary to allow attaching a mobile antenna for the best
war driving results.

Some wireless cards outshine others in the war driving arena. A few PC cards are very popular
with seasoned war drivers. Many of the cheapest wireless cards are not used much due to their
poor performance. Results from those cheaper cards will be mixed. But if you have something
laying around, go ahead and give it a try.
The Orinoco PC card in Figure 5-1 (www.orinocowireless.com) has a good balance
between its internal antenna, external connection, and receive sensitivity. It is also fairly low
cost and is well supported by the war driving community. This is the card of choice for most
war drivers, mostly due to early support by NetStumbler. Unfortunately, this card goes by many
names as the companies supporting it have been bought and sold. Some names are Proxim,
Lucent, Agere, and WaveLAN.


The first few versions of NetStumbler only supported cards like the 802.11b Orinoco, which then
used an internal chip set called Hermes. Old school war drivers reminisce about using Windows
98, NetStumbler version 0.20, and an Orinoco card. All the tools needed for a fun evening spent
cruising around town.



A fairly recent addition to the marketplace is the Senao PC card (www.senao.com). This
200 mW card produces a lot of power for a PC card. (Most cards only transmit about 30 mW!)
And it may also have a more sensitive receiver. The Senao card comes in several variations. This
card is a great war driving card, but is not very well supported by the manufacturer or by the
war driving community. If you have problems getting it working with your system, a Google
search may end up being your best hope.
108 Part II ” War Driving




FIGURE 5-3: External connector and internal antennas on the Orinoco PC card.


External Antenna Connectors
Wireless network adapters are designed by the manufacturer to connect to a wireless LAN.
There are some exceptions to this, but in general, they are not designed for war driving and
don™t have the external antenna connector, you will need to add an antenna.
The antenna built in to the adapter is made to connect to a strong, local signal. When war
driving, you want to pick up the weakest signal possible to increase your chances of detecting
more distant wireless nodes.
The diversity antennas on a PC card are designed to be small enough to fit on the card. And
they work just well enough for a local wireless network. Figure 5-3 shows the internal antennas
on the popular Orinoco PC card used for war driving. Notice the small footprint of the card™s
internal antennas (the two L-shaped metal plates). Attaching a high-gain external antenna will
add receiver sensitivity and boost the output signal beyond the capability of the card itself.
Also in Figure 5-2, you can see the connector used to add an external antenna. As discussed in
Chapters 2 and 3 on building antennas, an external antenna is essential for best results. This is
crucial when driving in a car. The large amount of metal around the passenger cabin acts as a
giant shield, blocking many wireless signals. A rooftop external antenna will increase results at
least twofold.

A Faraday Cage is a shielded enclosure used to test radio and microwave equipment without
leaking signals to the outside of the cage. The passenger cabin of cars and trucks acts much like
a Faraday Cage in that signals do not transmit well outside of the passenger cabin due to the sur-
rounding steel.
109
Chapter 5 ” Gearing Up for War Driving


When choosing a wireless adapter, consider the extra benefit you get from an external antenna.
As discussed in Chapter 1, you will need to use a pigtail to connect the fat RF cabling, used
with an antenna, to the smaller connectors used on Wi-Fi adapters.



Choosing the Right Software
There are many software applications that can be used for war driving. The most popular scan-
ning software can be downloaded from the Web for free.
You will need to pick a software package that works with your laptop or PDA. Also you should
consider other factors, such as setup, support, and results output. For example, for casual, easy
war driving, NetStumbler works great. For more extreme war driving and network scanning,
Kismet is good choice. Also, there are several commercial (for pay) products on the market that
can be used.
When choosing war driving software, interoperability becomes a major factor in your success of
getting the system to work. Most of the scanning software out there requires certain types of
network adapters to function properly. In fact, some software requires a very specific type of
adapter before it will even detect the adapter.
Research the software you wish to use, and compare it to the wireless adapters available to you.
Remember that your operating system will also factor in to what works together. We will focus
mainly on Microsoft Windows XP, but software is available for just about every OS on the
market, including open sources like Linux.


NetStumbler
Made for handy, simple war driving using Windows 98, Windows 2000, and Windows XP,
NetStumbler is available at www.stumbler.net. This is by far the easiest program to use to
get started and produces great results. Indeed, it is used by long-time war drivers. It is also the
most innocuous since it only detects networks that broadcast their existence and reply to
NetStumbler requests. We prefer publishing maps made by NetStumbler because it only shows
these broadcasting hotspots. See Figure 5-4 for a screen shot of a typical main screen of
NetStumbler. As you can see, this screen shows a huge amount of information, but it is all
automatically tracked, leaving you to the driving. NetStumbler presents the most significant
info on the left and the more geeky info to the right.


MiniStumbler
Made for war driving using a PDA running Microsoft Pocket PC 2002, the MiniStumbler is
available from www.stumbler.net. This Mini version of NetStumbler is used for high porta-
bility. The screen is not as complete as the full NetStumbler, but the log files contain the same
information as the full version (see Figure 5-5). Copy the log files to your computer to view in
NetStumbler for Windows. You also need NetStumbler to export the files to your mapping
software.
110 Part II ” War Driving




FIGURE 5-4: The main screen of NetStumbler.


Kismet
Made for war driving using a laptop or PDA running Linux, Kismet is available from
www.kismetwireless.net. This is the most sophisticated of the free wireless scanners. It
works on laptops and PDAs running Linux. This is a powerful software, but it™s also the most
complicated to get working. Kismet is a great tool for scanning networks that don™t show up in
NetStumbler. It also includes features for recording the wireless traffic detected during scan-
ning See Figure 5-6 for what the main screen in Kismet would look like. Note that Kismet has
several different screens and the display can be customized to present information in a myriad
of choices.
Kismet is a passive wireless scanner in the sense that it does not broadcast and request packets
of information from the networks being scanned. It is like a radio receiver tuned to Wi-Fi sig-
nals. Kismet features an ever-increasing list of network recording functions. For a complete list,
visit the Documentation section on the Kismet Wireless Web site. Some notable features of
Kismet include:

The ability to detect other scanning programs like NetStumbler
It will highlight the detected default access point configurations
111
Chapter 5 ” Gearing Up for War Driving




FIGURE 5-5: The main screen of MiniStumbler, a simple version of NetStumbler that runs
on a PDA.



The ability to reveal “hidden” SSIDs from APs with SSID broadcast disabled
The ability to passively sniff and record wireless network data packets

Kismet detects hidden, or cloaked, SSIDs first by detecting the generic signal from the access
point. Then it watches for a wireless client to connect to the AP. When the client connects, it
reveals the associated SSID.



Kismet can and will sniff and record all wireless traffic that passes through it. Encrypted data
packets will appear as garbage and will be much harder, or impossible, to decode and view.
Unencrypted data is totally vulnerable to interception. If a network is unencrypted, Kismet can
watch everything happening without a second glance. Always encrypt your wireless traffic.


These are just a few of the many programs you can use to get your car ready for war driving.
For now, the concern is to get the gear set up and have your car “wired for wireless.”
112 Part II ” War Driving




FIGURE 5-6: The main screen of Kismet.




Using GPS on Your Laptop
One of the most interesting facets of war driving is being able to plot your discoveries on a
street map. This brings a remarkable visual aspect to your efforts. The results of a war drive are
instantly recognizable, and you can make these maps over time to see how Wi-Fi is growing in
your area.
You will need a Global Positioning System (GPS) receiver to feed location information to the
laptop. We will cover this topic in greater detail in Chapter 6, “War Driving with
NetStumbler,” but for now you will want to know a little bit to get your car set up to have a
GPS satellite track your location.
The Global Positioning System is made up of a “constellation” of 24 satellites circling the
Earth. These satellites are continuously beaming a location signal Earthward. A GPS receiver
uses the exact time and location of the satellite to precisely determine your location anywhere
on the globe. The accuracy of your location information is directly related to the quality of your
GPS equipment. The term GPS is generally used interchangeably to refer to either satellites or
receiver.
113
Chapter 5 ” Gearing Up for War Driving




FIGURE 5-7: Handheld, dash-mounted, and dedicated GPS receivers.




Globally Positioning Your System
As one would expect, GPS receivers come in many forms. The most common are the hand-
held, dash-mounted, and dedicated receivers, which are illustrated in Figure 5-7. The most
popular form for in-car use is either the handheld or dash-mounted receiver. Recently, dedi-
cated computer-use-only receivers have become available. These dedicated receivers connect
directly to your laptop or PDA and require the computer to power and display data. Although
you can™t take a dedicated GPS with you on the trail, they work great for war driving!

Universal serial bus (USB) connectors have come to replace the old 9-pin serial ports in most lap-
tops these days. Dedicated GPS receivers often use USB to connect with the laptop. The GPS
hardware ships with software drivers that enable the GPS and power it up when inserted into the
USB port. Follow the instructions included with the GPS software to get it working with your
computer.


Many newer cars come with a built-in GPS navigation system. Having this on hand is great for
finding your way around town. But they generally don™t have the outputs needed to interface
with a laptop. Extensive hardware hacking is usually necessary to get a navigation system con-
figured for war driving.

To feed your location to the computer, the GPS needs to send latitude and longitude information
to the war driving software. When the software detects a wireless network, not only does it record
114 Part II ” War Driving


the access point and signal strength info, it also adds the location information. The latitude and
longitude info can be exported later to plot in one of many mapping programs available.

Picking a GPS Interface
War driving software needs to interface with the GPS via a serial COM port on your operating
system. This COM port can be a physical port, like a 9-pin connector on the back of your
computer connected to COM 1. Or it can be a virtually mapped port.
Virtual port mapping is necessary when using a USB or Bluetooth GPS receiver. It™s also nec-
essary if you are using a Serial-to-USB converter as would be needed on a laptop without a
9-pin serial interface.

Some of the newer PDAs and GPS receivers have built-in Bluetooth connectivity. You can con-
figure the GPS and the PDA to communicate using Bluetooth with a virtual serial port. Set the
Bluetooth serial interface to emulate a COM port, such as COM 5. And set the WD software to
listen on COM 5.

The driver software for the interface (for example, USB or Bluetooth) should have a setting to
perform this virtual mapping. Figure 5-8 shows a USB GPS receiver port emulation screen.




FIGURE 5-8: USB to COM virtual port mapping.
115
Chapter 5 ” Gearing Up for War Driving


The war driving software must be configured to listen on the port to which the physical or
virtual port is set. In addition, make sure your GPS and software is configured to communi-
cate using the same GPS protocol such as the industry-standard 4,800 baud protocol,
“NMEA 0183.”
With so many GPS receivers in the market, you may need to fool your OS to mimic a visible
serial port. The type of GPS will determine the interface available for your computer.
Finally, the GPS communication protocol needs to be compatible with the war driving soft-
ware. Most GPS units have a selectable output. Just make sure it™s set to the same protocol on
both ends.



Picking the Right Antenna
For best results, use an external antenna for the wireless adapter. Since the laptop is resting
inside the car, signals will be very weak. An external antenna (especially a magnet mount) will
pick up more access points from a further distance. Optionally, a USB adapter sitting on the
dash or out on the sunroof has been known to produce good results.
A cross-section of several types of antennas are shown in Figure 5-9.




FIGURE 5-9: Various antenna types (clockwise from top-left): directional Yagi,
directional panel, Magnet mount omni, desktop omni, directional sector,
directional homemade can antenna, and homemade omni.
116 Part II ” War Driving




High-Gain Antenna




Low-Gain Antenna



FIGURE 5-10: Vertical profile of a high-gain and low-gain roof-mounted antenna.




FIGURE 5-11: Commonly used medium-gain antenna. Magnet-mount base makes
for easy rooftop mounting.
117
Chapter 5 ” Gearing Up for War Driving


The antenna we built in Chapter 3 can be used to increase distance while war driving. However,
since it is highly directional, a navigator will have to sit in the passenger seat to sweep “interest-
ing” areas or buildings.



By now, you know that bigger isn™t always better. A high-gain antenna becomes more direc-
tional either vertically or horizontally. Picking the ideal antenna for war driving will depend on
your geography and where you plan to war drive.
For the area that you are scanning consists of very flat terrain with one- or two-story buildings,
you can get away with using a high-gain antenna with a low vertical profile. On the other
hand, if the terrain is mountainous, or you are driving downtown with multistory high-rises on
either side of you, a lower gain antenna works best. See Figure 5-10 for a side view of antenna
profiles.
A medium-gain omnidirectional antenna like that shown in Figure 5-11 is the most flexible for
a variety of terrains and building heights. It™s the popular choice for war drivers in mountainous

<< . .

 11
( 36)



. . >>

Copyright Design by: Sunlight webdesign