
Thread: Questions about Wardriving (or Wardriving 101)

  1. #1

    Questions about Wardriving (or Wardriving 101)

    I have decided to go wardriving for a project I have to do for my Sociology class, but I need some questions answered before I start and before I make any unnecessary expenditures.

    1- My main question is this: Do I really have to download wireless sniffer software onto my laptop in order to wardrive? My main objective for my project is to determine how many unsecured networks I stumble across and where that signal is coming from. Or will I just know when the little dialogue box pops up saying "connected" and at what signal strength? And if so, will I be able to determine where that signal is coming from?

    2- If I do have to download sniffer software and/or I cannot determine whether or not the signal is encrypted or not using my laptop, I have decided I am not going to purchase software. I am going to purchase a Wi-Fi detection and analysis device instead. I was reading up about the Digital Hotspotter from Canary, but are there any other detection and analysis devices that do not cost as much that will determine signal location as well as tell me whether or not the signal I am getting is open or secured? I was leaning towards the WiFi Seeker by Chrysalis until I found out it only determines signal strength.

    3- I was planning on purchasing a detection and analysis device eventually, anyway, so I don't have to go through the trouble of opening and powering up my laptop only to find that I am getting a signal I can't use. Can I purchase these devices at a store such as Circuit City or CompUSA? Or is the only place I can purchase them from off the internet? Forgive me for not checking myself. I live out in the country and it's about a half-hour's drive to the closest Circuit City and I keep forgetting to check it out when I am in the city, which is like every day.

    4- Is there anything else I have to do to configure my laptop before going out on my wardriving escapade?

    Any other information, tips, comments, and suggestions would be very much appreciated as well as helpful. I have searched the Wireless Security forum and have also checked to see if any similar topic has been posted before, but have turned up no results. I even typed in Can I wardrive using only my laptop without wireless sniffer software? using quotation marks and turned up no results. Without them I got all types of crap that wasn't answering my questions.
    "Champagne for my real friends, real pain for my sham friends" -Ed Norton/25th Hour

  2. #2
    phishphreek (AO übergeek)
    Join Date: Jan 2002
    Posts: 4,325

    Re: Questions about Wardriving (or Wardriving 101)

    Originally posted here by Outer_Heaven
    I have decided to go wardriving for a project I have to do for my Sociology class, but I need some questions answered before I start and before I make any unnecessary expenditures.

    1- My main question is this: Do I really have to download wireless sniffer software onto my laptop in order to wardrive? My main objective for my project is to determine how many unsecured networks I stumble across and where that signal is coming from. Or will I just know when the little dialogue box pops up saying "connected" and at what signal strength? And if so, will I be able to determine where that signal is coming from?


    Most of the stand alone hardware devices are just going to show a signal... not all the good info. They are good for running around work to make sure there is no presence... but not as good as a laptop config.

    You can do this with free software tools. There is no need to purchase anything except for the hardware (wifi card, antenna materials, power source, etc). I use netstumbler on windows and kismet on linux. There are many many more tools though. I just find those two the most useful to me.

    You can get signal strength. If you have a GPS card, you can also map out your route and log the location. The strength is going to depend on how close you are to the access point. So, you can try to track it down... or go with the 100 meter guess. Most access points are rated for 100 meters (330 feet) with no interference. Walls and other devices operating on the 2.4ghz spectrum will cause the signal to decrease... so you might not be able to pinpoint it exactly...

    If you only have a 802.11g/b card looking on the 2.4ghz spectrum... you won't find the 802.11a networks on the 5ghz spectrum. 802.11g/b is far more popular than 802.11a.

    2- If I do have to download sniffer software and/or I cannot determine whether or not the signal is encrypted or not using my laptop, I have decided I am not going to purchase software. I am going to purchase a Wi-Fi detection and analysis device instead. I was reading up about the Digital Hotspotter from Canary, but are there any other detection and analysis devices that do not cost as much that will determine signal location as well as tell me whether or not the signal I am getting is open or secured? I was leaning towards the WiFi Seeker by Chrysalis until I found out it only determines signal strength.
    Don't go with a hardware device... they will just show the signal. You need the laptop config for the good information. The software tools will tell you if it is secured or not. Use netstumbler. You can save the logs for later analysis. It'll have the AP name, encrypted or not, manufacturer, strength, etc.

    3- I was planning on purchasing a detection and analysis device eventually, anyway, so I don't have to go through the trouble of opening and powering up my laptop only to find that I am getting a signal I can't use. Can I purchase these devices at a store such as Circuit City or CompUSA? Or is the only place I can purchase them from off the internet? Forgive me for not checking myself. I live out in the country and it's about a half-hour's drive to the closest Circuit City and I keep forgetting to check it out when I am in the city, which is like every day.
    If you have a 802.11g card, you will be able to detect 802.11g and 802.11b access points. There is no shortage of these. Take this for example... last Friday, I was on my way over to a buddy's house to work on a Linux firewall/gateway project. I was bringing my laptop, so I fired up Netstumbler for the drive. In the short 5 mile drive... I had over 50+ access points! Most of them were wide open. That was all from a main road and not going into industrial parks or neighborhoods... all right from the highway that goes by neighborhoods and industrial parks. I'm sure there are more. I'll find out another day.

    4- Is there anything else I have to do to configure my laptop before going out on my wardriving escapade?
    Yes, learn how to use the tools first. They are pretty easy to use. Netstumbler is a good one to start. You'll know right away if it is working... take a quick drive and you'll find some. If you don't find any of your neighbors right there.

    Any other information, tips, comments, and suggestions would be very much appreciated as well as helpful. I have searched the Wireless Security forum and have also checked to see if any similar topic has been posted before, but have turned up no results. I even typed in Can I wardrive using only my laptop without wireless sniffer software? using quotation marks and turned up no results. Without them I got all types of crap that wasn't answering my questions.
    Read up on a couple different sites before you get started. Determine the best hardware to use. Which cards are supported, which OS you are going to go with, etc.

    Before your drive determine what you want to find out. How many APs in a certain "class" neighborhood. How many secured? How many from which brand? How far apart? etc. How many neighborhoods are you going to canvass? Are you going to drive down every street? etc. Are you just going to wardrive neighborhoods or business parks too? What is the difference in the ratio between access points secured/unsecured in residential vs business?

    There are many factors... if you are around a college... you may find a lot more than driving around the retirement park. College kids normally keep up with the technology... where grandma might send an email to her grandson at the senior center....

    Don't forget the digital divide... you'll find more in middle/upper class areas than you will in the lower class or section 8 housing areas.

    Make sure to plan it out right or your research will be biased. You might find a lot more in an apartment complex because there are more people in less area and it's difficult to run wires in apartments. In neighborhoods, there are less people for the area and it's easier to run wires.

    You'll get a better signal with external antennas. I've noticed a world of a difference between pcmcia cards that sit on my car seat and usb cards with usb extension cords that I can wrap around my rear view mirror.

    If you can get a card that you can attach an external antenna, that'd be great. But then you need to build/buy a cantenna. There are directional antennas and omni directional antennas. But, to start... just use what you have and you'll find out what you need to build if the hobby progresses.

    You may want to invest in an inverter for your car... so your laptop can stay powered... You can pick one up pretty cheap. Autozone, Radio Shack, Pep Boys, etc. They all have them. You'll find your battery on the laptop dies out pretty quickly. Especially when you increase your scanning.

    Also, different tools scan differently. Netstumbler is an active scanner... it looks for access points.
    Kismet is passive... it waits until it sees traffic from an access point.

    Here are a couple of sites to get a good idea of what you are going to need and how to configure your equipment.

    http://www.wardriving.com/
    http://wardrive.net/
    http://www.wardrive.net/wardriving/tools

    There are plenty more... just look for them.

    Oh... if you can... get someone else to either come with you, or to drive. Keep your eyes on the road. No point in smacking up your car. A 6 pack of mountain dew, some good music and some company never hurt any war driver... except for the constant bathroom pit stops.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
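
Added example (not part of the thread or any poster's code): one way to turn a saved survey log into the secured/unsecured ratios by area type that the post above suggests comparing. The CSV column layout and every row in it are constructed for illustration and are not NetStumbler's or Kismet's export format; repeated sightings of one access point are collapsed by BSSID so that passing the same building twice does not inflate the count.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log: one row per sighting. The columns are a
# hypothetical layout, not the native export of any scanning tool.
SAMPLE_LOG = """\
bssid,ssid,encrypted,signal_dbm,area
00:11:22:33:44:01,linksys,no,-71,residential
00:11:22:33:44:01,linksys,no,-58,residential
00:11:22:33:44:02,HomeNet,yes,-80,residential
00:11:22:33:44:03,default,no,-66,residential
00:11:22:33:44:04,AcmeCorp,yes,-62,business
00:11:22:33:44:05,AcmeGuest,no,-77,business
00:11:22:33:44:04,AcmeCorp,yes,-85,business
00:11:22:33:44:06,Warehouse,yes,-69,business
"""


def unique_access_points(log_text):
    """Collapse repeated sightings to one record per BSSID (strongest wins)."""
    best = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        row["signal_dbm"] = int(row["signal_dbm"])
        seen = best.get(row["bssid"])
        if seen is None or row["signal_dbm"] > seen["signal_dbm"]:
            best[row["bssid"]] = row
    return best


def summarize_by_area(log_text):
    """Return {area: {"total", "open", "secured", "open_ratio"}}."""
    counts = defaultdict(lambda: {"total": 0, "open": 0, "secured": 0})
    for ap in unique_access_points(log_text).values():
        bucket = counts[ap["area"]]
        bucket["total"] += 1
        bucket["open" if ap["encrypted"] == "no" else "secured"] += 1
    return {
        area: dict(c, open_ratio=round(c["open"] / c["total"], 2))
        for area, c in counts.items()
    }


if __name__ == "__main__":
    for area, stats in sorted(summarize_by_area(SAMPLE_LOG).items()):
        print(area, stats)
```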

  3. #3
    Okay, I just downloaded Netstumbler and will read up on that tomorrow. It's getting late here and I gotta get up in a few hours to go to school, but I just wanted to say thank you very much for all the info you provided, especially for the additional research objectives that you suggested. The original assignment is to pick something you have never done before or experienced, such as going to a mosque, volunteering in a nursing home, volunteering for community service, etc. then writing about your experience. As I said, my only main objective was just to simply determine how many signals I picked up were unencrypted; how many people I could find that don't realize that they are broadcasting to the world, then write about the dangers of them doing so. I had never thought about comparing the ratios to upper and lower class neighborhoods and industrial areas. That would work out real well seeing how it is Sociology I am doing this assignment for. I appreciate those suggestions. Thanks much.

    Oh yeah, sorry about that, I forgot to mention that I am using an XP os.

    You'll get a better signal with external antennas. I've noticed a world of a difference between pcmcia cards that sit on my car seat and usb cards with usb extension cords that I can wrap around my rear view mirror.

    If you can get a card that you can attach an external antenna, that'd be great. But then you need to build/buy a cantenna. There are directional antennas and omni directional antennas. But, to start... just use what you have and you'll find out what you need to build if the hobby progresses.

    You may want to invest in an inverter for your car... so your laptop can stay powered... You can pick one up pretty cheap. Autozone, Radio Shack, Pep Boys, etc. They all have them. You'll find your battery on the laptop dies out pretty quickly. Especially when you increase your scanning.
    How much do the usb card and extension cords, as well as the gps card go for? And with the usb and gps cards, will I have to have these installed internally? lol, you already answered my other question about whether or not there was a power adapter that I could plug into the cigarette lighter in the ash tray. I was assuming there was, but didn't know for sure.

    Yeah, I know all about directional and omni directional antennas from the military, lol, had extensive experience with that and how to build field-expedient antennas, but if I was to build one for wardriving, where would I connect it to the laptop and would/should I and how would I ground it? For now I am just going to go with a store bought one, but later on when I have more experience and knowledge of antennas in relation to laptops I will build my own. I am assuming both have their advantages, and imagine that you would use an omni directional antenna while driving around just to pick up on a signal, then you could switch over to a directional antenna once you pick one up and zero in and/or triangulate on the signal to find the source?

    Is an encrypted network broadcasting the signal from the router sort of in the same sense as if I was to key the handset on a radio with an encrypted frequency? But I am guessing that the signal that is coming from the router is one continuous signal after the encryption kicks in, whereas with an encrypted radio sending digital traffic it is sent out in burst transmissions to reduce the chance of being triangulated, and the encryption kicks in each time you key the handset.

    Oh... if you can... get someone else to either come with you, or to drive. Keep your eyes on the road. No point in smacking up your car. A 6 pack of mountain dew, some good music and some company never hurt any war driver... except for the constant bathroom pit stops.
    lol, yeah, I was thinking about that, that is one of the reasons I was kinda thinking WiFi detection device, so I wouldn't have to keep looking over at the laptop. That, and I wasn't sure if they had adapters for laptops or not.

    Okay, thanks a lot again for all the info you provided, and I have been bookmarking and reading up on everything I can find in regards to wireless. I read this link here, about how to build a wireless sniffer, and downloaded the program because I thought that it was one that would just install itself, but when I opened it after downloading it I found it was way beyond my understanding for me to install myself.
    "Champagne for my real friends, real pain for my sham friends" -Ed Norton/25th Hour

  4. #4
    Kite (Senior Member)
    Join Date: Jan 2005
    Location: Underground Bunker, somewhere in Antarctica
    Posts: 109
    Don't forget your Pringles can...
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  5. #5
    King Tutorial-ankhamun
    Join Date: Jul 2004
    Posts: 897
    Too bad you are using Windows, to my knowledge there are no free tools that put the card into RF monitoring mode so you can find cloaked SSIDs (not broadcasting their SSID). Kismet can detect cloaked SSIDs and can be run from the Knoppix Linux boot CD pretty easily.

    As for USB cards, I don’t know how well supported they are in Netstumbler or Kismet, I’d stick with a PCMCIA card with a Hermes or Prism chipset (they may be 802.11B, but they will detect 802.11G, at least in mixed mode).

  6. #6
    ShagDevil (Some Assembly Required)
    Join Date: Nov 2002
    Location: SC
    Posts: 718
    Posted by Outer_Heaven
    But I am guessing that the signal that is coming from the router is one continuous signal after the encryption kicks in, where as with a encrypted radio sending digital traffic it is sent out in burst transmissions to reduce the chance of being triangulated, and the encryption kicks in each time you key the handset.
    I've been researching a wireless router process known as Beacon Intervals. It seems that this may work in a similar fashion as burst transmissions (I'm not entirely sure as I'm still learning about the process). Every 100 milliseconds the wireless router will send out what's called a beacon, in order to accomplish a variety of things. However, I believe the association process between the client & AP only happens once, unless the client disconnects and reconnects.

    In infrastructure networks, access points (not radio NICs) periodically send beacons. You can set the beacon interval through the access point configuration screen. In general, the beacon interval is set to 100ms, which provides good performance for most applications.
    In an idle network, beacons dominate all other traffic. A packet-monitoring tool, such as AirMagnet or AiroPeek would display a continuous stream of beacon frames. With no user-generated traffic, an occasional data frame carrying protocols used for non-802.11 purposes, such as dynamic host configuration protocol (DHCP) will appear. Of course on networks with active users, a variety of other frames, such as association requests/responses, data frames carrying Internet traffic, acknowledgements, etc., intermix between the beacons.
    ...the beacon serves a variety of functions. For example, each beacon transmission identifies the presence of an access point. By default, radio NICs passively scan all RF channels and listen for beacons coming from access points in order to find a suitable access point.
    When a beacon is found, the radio NIC learns a great deal about that particular network. This enables a ranking of access points based on the received signal strength of the beacon, along with capability information regarding the network. The radio NIC can then associate with the most preferable access point.
    After association, the station continues to scan for other beacons in case the signal from the currently-associated access point becomes too weak to maintain communications. As the radio NIC receives beacons from the associated access point, the radio NIC updates its local clock to maintain timing synchronization with the access point and other stations. In addition, the radio NIC will abide by any other changes, such as data rate, that the frame body of the beacon indicates.
    Full article here
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
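
Added example (not from the thread or the quoted article): how a passive scanner reads the fields discussed above out of a single beacon frame, namely the beacon interval, the capability bits that mark a network as encrypted, and the empty SSID element a cloaked network sends. The frames are constructed byte strings with no radiotap header or FCS, and all function and constant names are this example's own.

```python
import struct

HEADER_LEN = 24          # 802.11 management MAC header
FIXED_LEN = 12           # timestamp (8) + beacon interval (2) + capability (2)
PRIVACY_BIT = 0x0010     # capability bit 4: some form of encryption is required
ESS_BIT = 0x0001         # capability bit 0: sender is an infrastructure AP
TU_US = 1024             # beacon interval unit: one TU is 1024 microseconds
TAG_SSID, TAG_DS_CHANNEL = 0, 3


def build_sample_beacon(bssid, ssid, interval_tu, capability, channel):
    """Assemble a constructed beacon frame for the demo below."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, interval_tu, capability)
    tags = bytes([TAG_SSID, len(ssid)]) + ssid
    tags += bytes([TAG_DS_CHANNEL, 1, channel])
    return header + fixed + tags


def parse_beacon(frame):
    """Return the survey-relevant fields of one beacon frame as a dict."""
    if len(frame) < HEADER_LEN + FIXED_LEN:
        raise ValueError("frame too short to be a beacon")
    (frame_control,) = struct.unpack_from("<H", frame, 0)
    frame_type = (frame_control >> 2) & 0x3
    subtype = (frame_control >> 4) & 0xF
    if frame_type != 0 or subtype != 8:
        raise ValueError("not a management/beacon frame")

    bssid = frame[16:22]                       # address 3 carries the BSSID
    _ts, interval_tu, capability = struct.unpack_from("<QHH", frame, HEADER_LEN)

    ssid, channel = None, None
    pos = HEADER_LEN + FIXED_LEN
    while pos + 2 <= len(frame):               # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                              # truncated element: stop cleanly
        if tag == TAG_SSID and ssid is None:
            ssid = value
        elif tag == TAG_DS_CHANNEL and length == 1:
            channel = value[0]
        pos += 2 + length

    # A cloaked AP still beacons, but with a zero-length or all-NUL SSID.
    cloaked = ssid is None or not any(ssid)
    return {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": None if cloaked else ssid.decode("utf-8", errors="replace"),
        "cloaked": cloaked,
        "channel": channel,
        "interval_ms": interval_tu * TU_US / 1000,
        "infrastructure": bool(capability & ESS_BIT),
        # The privacy bit says encryption is on, not which scheme is in use.
        "encrypted": bool(capability & PRIVACY_BIT),
    }


# Constructed sample frames (BSSIDs and SSIDs are made up).
OPEN_AP = build_sample_beacon(bytes.fromhex("001122334401"), b"linksys",
                              100, ESS_BIT, 6)
CLOAKED_AP = build_sample_beacon(bytes.fromhex("001122334402"), b"",
                                 100, ESS_BIT | PRIVACY_BIT, 11)

if __name__ == "__main__":
    for sample in (OPEN_AP, CLOAKED_AP):
        print(parse_beacon(sample))
```

A configured interval of 100 is 100 time units, which comes out at 102.4 ms rather than exactly 100 ms.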

  7. #7
    Well, today was a pretty much unsuccessful day. No one in either Circuit City or CompUSA had a clue what wardriving was, so they were of no help. At least I was able to buy an inverter to plug into my truck though, so at least it wasn't a total waste.

    I did see 802.11g cards, but I didn't see any 802.11g/b cards. But that got me to thinking, do I still need one even though my laptop is already wireless? Because it looked like to me that they were for converting a laptop that is not wireless into one that is. And I saw some PCIA cards, I believe they were, but no PCMCIA cards. I did notice, however, that a couple of the 802.11g cards did have small, external antennas on them.

    And same with the USB card, even though my laptop has three USB ports, do I still have to get a card? And if so, what specific type of USB card am I looking for? Or are they all the same? I saw some, but I figured I had better go back and check with you guys before making any purchases. The one I most recall was a USB card that had two USB ports on it. So that got me to thinking, I already have USB ports on my laptop. So I thought it best for me to go back and verify with you guys first.

    And about using the USB extension cord for an antenna, is that the same thing as the USB extension cable? Because I saw plenty of those in various lengths and with various composites of wire in them, at various prices. But that just seemed too easy, and usually when it seems that way I end up purchasing the wrong item. So again, I figured it best to just hold off on that until I could confirm it.

    One more question, if I am using a USB extension cord for an antenna, would I still have to get a 802.11g card, and vice versa?

    I just read up real quick on wardriving.com, and I am leaning more towards, No? I don't need a 802.11g card?

    Okay, I am going to shut down in a little while. I'm going to the local watering hole to get me a nice, cold Labatts Blue, I need one.
    "Champagne for my real friends, real pain for my sham friends" -Ed Norton/25th Hour

  8. #8
    phishphreek (AO übergeek)
    Join Date: Jan 2002
    Posts: 4,325
    I did see 802.11g cards, but I didn't see any 802.11g/b cards. But that got me to thinking, do I still need one even though my laptop is already wireless? Because it looked like to me that they were for converting a laptop that is not wireless into one that is. And I saw some PCIA cards, I believe they were, but no PCMCIA cards. I did notice, however, that a couple of the 802.11g cards did have small, external antennas on them.
    You might not be able to see 802.11g/b on the box. The 802.11g cards can see both 802.11g and b. They are backwards compatible.

    The card you'll get will either be a PCMCIA card or a USB card.

    If you're just going to use Windows, any card should do. I'm using a Netgear WG511 PCMCIA card that I got at Staples under both Windows and Linux.

    Most of the mobile cards that you will find won't have an external antenna. The PCI cards for workstations will have the external antennas. However, I do know that the cisco orinoco cards have a spot for an external antenna. However, the external antenna is not necessary. It is ideal... but not necessary.

    As for the USB card... I know the Netgear MA111 will work for Netstumbler. However, that is only 802.11b, not g. So, any APs that are configured to work in G only will not show up. Most 802.11 G APs are defaulted to respond to 802.11g/b for backwards compatibility. The only reason one would set it to work in one mode over the other is because they only have g cards or only have b cards... not both. I have mine set to only g, so anyone who is using b is out of luck.

    If your laptop already has the wireless card built in... check to see if netstumbler already works.

    Do you know which chipset your integrated wifi is using? Look at the properties of it and let us know the driver you are using.

    The only complaint I have about the integrated cards is you don't get nearly as good of a signal with the internal cards. However, they will work. If this is just for a school project... then don't go overboard. Only start getting the gear if this is going to be a hobby of yours. You can easily spend a couple hundred dollars on equipment that isn't even necessary.

    I think you are getting a bit confused about the cards and antennas.

    PCMCIA cards go in the little credit card like slot on your laptop. Most of them have an internal antenna, built right into the card. You will not need a USB cord for this.

    USB cards are about the size of a pack of Wrigley's gum. They attach via the USB port on your laptop. You can use a USB extension cable to move the card around. The extension cable is not actually the antenna... the antenna is built into the USB "card" itself. You are only using the USB cable to move the "card" around to get a better signal.

    PCI cards plug into your PCI slot on a desktop and don't work on standard laptop hardware.
    There is such a thing as MiniPCI for laptops... but don't worry about that.

    Integrated cards are built right into the laptop. Newer laptops have 802.11g cards built in. You can't attach an external antenna to these and generally have a weaker signal. That is because the antenna is inside the laptop case.

    So, to answer your final question. Do you need another 802.11g card? No. If your laptop has an internal card built in, try to use that before buying more hardware.

    You'll just have less signal strength when wardriving. If it is just for a school project and isn't going to become a "hobby"... then I wouldn't waste the money. Just be sure to list the hardware you use in your research, etc.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    RoadClosed (Senior Member)
    Join Date: Jun 2003
    Posts: 3,834
    Hey ShagDevil,

    Let's talk about burst transmission.

    It seems that this may work in a similar fashion as burst transmissions
    The beacon in 802.11 does not really align with burst communications. The term is normally reserved for high grade security applications (military). In that a particular characteristic must be met before transmission. For instance, a window in an open satellite channel, a plane flying overhead, the line of sight of the moon, or the life span of usable meteors (the kinds falling in the atmosphere).

    In the 802.11 application, the term bursting in this case is nothing more than channel hopping (in my opinion). The data is continuous; however, a channel is only active for a small amount of time and then it switches to another, then another in a seemingly random pattern but it is not random. Bursting communications is slow. You would have to wait every few seconds while a file downloaded if that was the case, you would get a burst of data then nothing. Having clarified the overall term of burst communications versus continuous, if you look at the function itself it does burst.

    Say you are channel 1 and you have a predetermined time to send data. You wait until it's your turn and burst a few thousandths of a second worth of stuff and then you stop. Then a few more thousandths of a second later you do it again. If you are monitoring using an 802.11 card this is transparent. But while you are stopped another channel sends the data in a continuous stream. The beacon doesn't even come into play. It operates in frames and frequencies outside the data stream.

    You seem interested in the stuff so I thought I would mention some "details". You have uncovered the gateway to a wireless access point. Manipulation of management frames has security potential, but removing them takes away the network.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #10
    Do you know which chipset your integrated wifi is using?
    Not yet, but as soon as I get home I will edit and let you know.

    If this is just for a school project... then don't go overboard. Only start getting the gear if this is going to be a hobby of yours. You can easily spend a couple hundred dollars on equipment that isn't even necessary.
    Lol, yup, I'm finding that out. But yes, this is something that I will be doing after my project is completed. I was in Borders yesterday, found a crap load of very good books, including one on wardriving, called, well, go figure, "Wardriving," and was so close to buying it, but they wanted $50 for it. So, for now I am gonna be cheap and just keep going back to Borders to read it, because I bought three other books yesterday, including that book called "Chatter," about global eavesdropping and that Echelon program which I am looking forward to reading when I get the chance. But yes, I definitely plan on doing this for a hobby after the project is completed.

    I think you are getting a bit confused about the cards and antennas.

    PCMCIA cards go in the little credit card like slot on your laptop. Most of them have an internal antenna, built right into the card. You will not need a USB cord for this.

    USB cards are about the size of a pack of Wrigley's gum. They attach via the USB port on your laptop. You can use a USB extension cable to move the card around. The extension cable is not actually the antenna... the antenna is built into the USB "card" itself. You are only using the USB cable to move the "card" around to get a better signal.
    Okay, gotcha, I know and understand EXACTLY what you are talking about now. Yes, I do have a PCMCIA slot, and yes, the usb cable with usb card is perfectly clear to me now. Thanks for being patient there. So I just ask for any usb card? And if that's the case, could I just take the usb receiver that I use for my wireless mouse, hook that up to a usb cable, plug the cable into my usb port and I'll have an external antenna? Or will I need a different usb card and the one I use for my wireless mouse not good enough and/or do I need different software for it?
    "Champagne for my real friends, real pain for my sham friends" -Ed Norton/25th Hour
