Results 1 to 7 of 7

Thread: WAP Locating App

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741

    WAP Locating App

    I tried looking on here quickly but didnt find what I am looking for.

    I want to assess my network in a building that is over a million square feet.
    I am looking to locate all AP's Rogue and ones that belong.
    I am open to using *nix or Windows App
    I dont want to really spend any more money
    The current infrastructure is Cisco Based

    My Setup:
    Dell D620 laptop
    Cisco Aironet Air CB21AG-A-K9 Card 802.11 A/B/G
    Running Windows XP

    What I have tried:
    We have an application called AirMagnet which is good but only licensed to one of our laptops and I am really hoping there might be something Open Source out there that is better.

    I booted off a Distro Called BackTrack which is a compilation of Whax and some others I think. I used Kismet and while it was a good application I really want something that will home me in on the exact location of the AP.

    What I want
    Find AP's whether or not they are broadcasting their SSID
    See if People are connected to it
    Home in on the exact location of the Signal
    Pull MAC of the AP
    Attempt to connect to the AP

    my knowledge in linux is limited but there is a willingness to learn if it is beneficial.

    I appreciate any advice that anyone can offer.

    Thanks
    Spy

    Edit... I cant spell
    Last edited by Spyrus; October 2nd, 2007 at 05:13 PM.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    For you to "home in" on AP you would preferably need a GPS receiver so you can correlate the AP's signal strength to your position. Kismet can handle that and everything else too.

    Kismet+GPS and start walking. After that you can analyze the data and make beautiful colored maps.

    Another way to "home in" is by using a directional antenna and looking at the signal strength..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    Where would one find a GPS receiver for this application?
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  4. #4
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    DjM

  5. #5
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I used NetStumbler last winter in a similar situation to track down a
    rogue WAP in our plant. It's a free Windows app that'll give you the
    signal strengths for anything broadcasting on all eleven 802.11 wifi
    channels. One of the contract engineers had ran a wireless router
    off a drop on the assembly floor. After fielding several questions from
    our users about the "new" WAP and a comment of the VP in charge
    of IT, I installed NetStumbler on a loaner laptop and proceeded to do
    a walkabout in the plant. I was able to find it by simply gauging the
    signal strength as I moved around. It wasn't the fanciest way to track
    down the rogue WAP, but the price was right.

    To see the people connected to it, I was able to simply login as the
    router still was in a factory config. My favorite method for checking the
    "population" of any given network is to run Ettercap and scan for hosts.
    It's pretty simple to do, even from Windows. I run a VM (VMWare Player
    or Workstation) and launch a security Linux distro like Nubuntu or Back-
    Track to run Ettercap. You could use the same method to run nmap
    to portscan the IP address of the rogue WAP and that should give you
    the MAC address. Nmap also runs from Windows if you install WinPCap
    too.

    If you got the money for a GPS receiver, great, but that's probably a bit
    of overkill.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    If your laptop has bluetooth you can use those same GPS "mouse" receivers they're using with those mobile navigators. Works like a charm

    One note though.. NetStumbler is an active scanner. It sends out a probe and listens for APs responding. An AP with SSID broadcasts turned off will not respond to these probes. Kismet is a passive scanner. It just listens and will find any wireless network (there's always some traffic needed).
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Quote Originally Posted by SirDice
    Kismet is a passive scanner. It just listens and will find any wireless network (there's always some traffic needed).
    Duly noted, SirDice. Thanks.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Similar Threads

  1. Locating a port on a switch
    By Spyrus in forum Network Security Discussions
    Replies: 11
    Last Post: May 16th, 2005, 06:02 PM
  2. Locating unanswered help requests
    By nixkl in forum Site Feedback/Questions/Suggestions
    Replies: 2
    Last Post: April 5th, 2003, 01:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •