)( mini-howto


this is a mini-howto for )( using open source software.

(here ")(" means "wardriving", and wardriving in turn means moving around while scanning for wireless networks.
the term is not well-chosen IMHO and should not be associated with "war" in any way.
you can very well be a "wardriver" and a pacifist at the same time.
i use "warXing" as an abbreviation for wardriving, warwalking, warriding or any other warmoving. sometimes i use "wardriving" instead of warXing just because it is the most well known term.)





(photo) the gps mouse (far left) and the notebook with kismet and gpsdrive running.


0. overview

this is a short guide on how to do )( using open source software, so i will not cover any of the many proprietary device drivers offered for wlan devices. in fact the only real open source driver i know of (and have experience with) is the linux-wlan-ng driver, which is still under development. also i will limit myself to linux (suse and debian), simply because i do not have any experience with the other open operating systems, except for the following:

on a different notebook (acer travelmate) i tried the "war-bsd" live-cd distribution very briefly. i just verified that it boots, can configure the netgear wlan pc-card, and that the sniffer program runs.

this mini-howto is just one example of how you could do )(, and in no way a complete guide.


1. prerequisites

installing wlan and )( software is in most cases not really easy. you will need some skills beyond double-clicking an installer application... but of course if you do not yet know how to install a tarball or how to compile a kernel, you can learn it. i learned it too... ;-)


2. )(-hardware example

i use a pretty normal 2002 notebook with just one special feature: an internal mini-usb wlan device.
as it turned out, usb based wlan devices are not really more complicated than the usual pc-card wlan adapters, but there is just much less collective experience available, as most people use pcmcia cards.
a completely different story would be pdas like the zaurus or yopy.
there are special versions of some )(-applications for them, but i have not used such machines myself.

i am still planning to acquire an apple powerbook or ibook later this year.
as soon as i have it here i will report about doing )( with the powerbook too.


2.1 notebook and wlan device

i have a page about my notebook and its wlan module here.


2.2 gps device

my notebook does not provide the legacy i/o ports (i.e. parallel and serial), so i had to look for a usb based gps device.

in march 03 the cheapest offer available to me was a holux gm-210 gps mouse with an extra usb adapter.

at first the separate adapter with the extra long cable seemed a drawback to me. in the meantime i find it quite useful: i can put the gps mouse beneath the front windshield of my car and still put the notebook on the central table (the middle seat of the middle seat row of my van). this not only looks cool but also gives the best receiving conditions for the integrated wlan antenna.

the gm-210 has a strong magnetic foot which allows you to put it on the roof of the car. this magnet is so strong that you must be careful not to let it near your notebook's hard drive. i use a steel plate under the gps mouse when storing it in my backpack; the steel shunts the magnetic field so it can do no harm.


2.3 power supply

my notebook runs about two hours on one battery. i own a second battery, so i can do a 3 to 4 hour tour or walk on batteries alone. obviously i must interrupt my trip after at most 2 hours to shut down linux, change the battery, boot again, and restart the )(-software.

for longer routes i bought a belkin "ac anywhere" converter, 140 watts at 230 volts with a nearly sine wave output.
(in the wardriving section below i will have to mention some caveats about this product...)
the main advantage of this inverter is that it costs just around 70 euros.


3. )(-software

besides linux there are other open source operating systems, but i will focus on linux, and mention only the suse and debian distros, again because i do not have personal experience with other systems.

the main application for )( is a program that scans all 802.11b channels for access points or other wlan devices, reads in the current gps coordinates and logs the found networks to some useful file or database. windows users mostly use netstumbler for this purpose. for linux there are several open source programs. i tried to use the german software wellenreiter but i never managed to find all the required libraries. i gave up on that and switched to kismet.

i like kismet very much. it is the exact opposite of "resource hungry": it does not even need the x window (xfree86) system, so you can use it on older and slower notebooks if you like. another advantage is that it does its work completely passively; it does not send a single wlan packet, so wlan admins cannot tell that they are being sniffed. further it has many analysis tools accessible with just one keystroke, nice while driving.

a cool companion program to kismet is gpsdrive. this austrian software scrolls a map automatically while you are moving around, showing the distance to your target as the crow flies, your current position and direction, and it draws the found networks into the map, all in real time. (of course gpsdrive requires the x window system. additionally it requires a running mysql database server.)

another useful companion (if you managed to get your notebook's sound system going) is the festival text-to-speech software.
kismet will then read out the found networks aloud, like: "new network found. ssid is thd-wireless. channel 6. network open."


3.1 wlan drivers

intersil's prism wlan chipset was one of the most commonly used in the last years. in the meantime many new 802.11b designs use other chipsets. unfortunately for most of the more modern chips there is no open source driver support. luckily my internal mini-usb device is prism based and thus supported by the open source project "linux-wlan-ng" by absolute value systems. in the following i will only talk about the linux-wlan-ng drivers for the prism chipset.


3.2 gps driver requirements

the gpsd daemon reads the gps data from a serial port. if you have to use usb based hardware, your linux kernel must have serial-over-usb support enabled. this is the default for newer suse distributions, but not for the current debian system. if you use the debian distribution you will have to compile your own kernel. if you have never done this before, be prepared to spend some extra time learning how to compile a new kernel. while this is not really easy, it pays off anyway, just because it feels so good to have done it successfully...


3.3 kernel preparation

linux-wlan-ng needs the fully configured kernel source matching your running kernel.

if you have to compile your own kernel, or have done so anyway, just make sure the link "/usr/src/linux" points to your current kernel source directory.
otherwise you will still need to install the appropriate source tree and check this link.
furthermore the source tree has to be fully configured.
you can configure your kernel (without installation) by doing the following steps:

(this is a dirty recipe; some steps may be superfluous, but i don't know any better, sorry)
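before building the driver it is worth checking that "/usr/src/linux" really is what linux-wlan-ng expects: a link to a configured tree whose version matches the running kernel, since a module built against the wrong tree will refuse to load. the following shell function is an added example, not part of the howto's own recipe; the function names and the constructed fake source tree used to try it offline are assumptions, and it looks for the ".config" and "include/linux/version.h" files that a configured 2.4 tree has after "make menuconfig" and "make dep" (2.6 kernels generate version.h during "make prepare").

```shell
#!/bin/sh
# Added example, not from the original howto: sanity-check that a kernel
# source tree is the one linux-wlan-ng expects, i.e. that the /usr/src/linux
# link points at a *configured* tree whose version matches the running kernel.
# Function names and the layout of the constructed test tree are assumptions.

# check_kernel_source LINK RUNNING_RELEASE
#   LINK            - path of the symlink, normally /usr/src/linux
#   RUNNING_RELEASE - output of "uname -r"
# prints what is wrong and returns 1 on the first problem, 0 when all is well
check_kernel_source() {
    link=$1
    running=$2

    if [ ! -L "$link" ]; then
        echo "$link is not a symbolic link"
        return 1
    fi
    if [ ! -d "$link" ]; then
        echo "$link does not point to a directory"
        return 1
    fi
    # a configured tree has a .config ...
    if [ ! -f "$link/.config" ]; then
        echo "$link/.config missing: tree is not configured (run make menuconfig)"
        return 1
    fi
    # ... and a generated version.h (make dep on 2.4, make prepare on 2.6)
    if [ ! -f "$link/include/linux/version.h" ]; then
        echo "$link/include/linux/version.h missing: tree was configured but never prepared"
        return 1
    fi
    # UTS_RELEASE in version.h must match the running kernel, otherwise the
    # module built against this tree will not load
    src_release=$(sed -n 's/^#define UTS_RELEASE "\(.*\)"/\1/p' "$link/include/linux/version.h")
    if [ "$src_release" != "$running" ]; then
        echo "source tree is $src_release but running kernel is $running"
        return 1
    fi
    echo "ok: $link -> $src_release matches the running kernel"
    return 0
}

# make_fake_tree DIR RELEASE - constructed minimal source tree, only for
# trying the check offline without a real kernel source
make_fake_tree() {
    mkdir -p "$1/include/linux"
    touch "$1/.config"
    printf '#define UTS_RELEASE "%s"\n' "$2" > "$1/include/linux/version.h"
}

# usage against the real tree:
#   check_kernel_source /usr/src/linux "$(uname -r)"
```

run the usage line before "make config" in the linux-wlan-ng directory; if it complains, fix the link or finish configuring the tree first.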


3.4 driver installation

once the kernel sources are configured correctly, the linux-wlan-ng driver installation is straightforward. after downloading the tarball you unpack it with "tar -xzf linux-wlan-ng-<version>.tar.gz" in an appropriate directory (your home dir, or you can put it into "/usr/src"). the install procedure is well documented in the README file inside the source directory. basically the steps are "make config", "make all" and "make install".

after installation comes the hard part: configuration.

after long and frustrating experiments with the various network boot scripts and hotplug scripts i finally gave up on both and did the following brute force configuration:

i changed all wlan-related init scripts i could find so that they return immediately, doing plain nothing. this is easy: insert an "exit 0" command at the beginning. these scripts differ significantly between distributions, even between versions of the same distro, so i cannot give general rules.

you can read more detailed hints on my linux and wlan page.


3.5 scanning/sniffing software

for the installation of kismet i downloaded the tarball (v2.8.1 was current at that time) and then followed the README file.
you should pay attention to the warnings during ./configure and make. if those finish without errors, that does not necessarily mean everything went well. for instance, if the devel libs of imagemagick are missing, kismet will be built but the gpsmap script will not be created.
it is very important to edit the two config files of kismet carefully; the defaults do not work for prism based hardware. the two config files (in "/usr/local/etc/") are self-documenting, so it is not too hard to get them right.
the most important settings are for the packet source. choose "source=prism2,wlan0,prism" for your prism based wlan device. also the gps and festival settings need to be "true".
at least for my sound hardware the volume parameters for sound playing do not work, and the sound for network traffic was much too loud. on the other hand the festival voice needs the overall sound volume set at a high level. my workaround was to make a new low-volume sound with a wave editor and use that as the network traffic sound (i.e. set it in the kismet_ui.conf file).
also important is the user account under which kismet runs. you have to set the very same user account that you use for doing )(.


3.6 live mapping software

gpsdrive installation: i just followed the instructions. the one thing to configure is the linux device where gpsd (the daemon comes with gpsdrive) should look for the gps mouse. in my case (for suse) this was the port "/dev/ttyUSB0", which was not easy to find out. for debian i never managed to get gpsd to find my gps mouse; maybe i did not configure my kernel correctly.


3.7 speech software

festival installation: just follow the instructions. you have to install the three basic voices and the application program. the easy installation procedure results in a rather large application footprint. if you have to save space on your hard disk you will have to delve deeper into the documentation to get minimal space usage. if i remember right i did not have to configure anything; festival just worked out of the box.


3.8 )(-starting script

as starting all the programs in the correct order is tedious, i wrote a small script which does the job, put it in my path, and created a kde icon so i can click it with the mouse.

my script "Kismet" (note the capital K) looks like this:

#!/bin/sh
#script "Kismet": start kismet and friends in the correct sequence
PATH=/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:$PATH
# 1. gps daemon on the usb serial port of the gps mouse
gpsd -p /dev/ttyUSB0
# 2. put the wlan device into monitor mode (needs root, hence sudo)
sudo kismet_monitor
sleep 1
# 3. channel hopper, unless the script was called as "Kismet -nohopper"
#    ("$1" is quoted so an empty first argument cannot break the test)
if [ $# -lt 1 ] || [ "$1" != -nohopper ] ;  then
        echo "=> use option -nohopper if you do not want to use kismet_hopper"
        sudo kismet_hopper -n &
fi
# 4. finally kismet itself
kismet
# end-of-script

of course this script requires sudo to be configured (via visudo) so that the user may call kismet_monitor and kismet_hopper without having to enter a password.

i did not include starting gpsdrive at the end of the script.
instead i use a second icon to start gpsdrive only if i really want it.
the advantage is that i can use the above "Kismet" script even when i boot into a linux environment without the x window system, for example when warwalking.
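two things in the setup above are easy to get subtly wrong: the kismet.conf settings from section 3.5 (source, gps, and the user account kismet drops to), and the sudo rule for the "Kismet" script, which should grant password-less root for exactly the two helper programs and nothing else. the following shell functions are an added example, not the howto's own code: "check_kismet_conf" reads a kismet.conf and reports the settings that would make the tour useless, and "sudoers_line" emits the restricted sudoers rule. the function names, the constructed sample config, the user name "warx" and the install prefix /usr/local/bin are assumptions; the key names source, gps and suiduser are those of the kismet 2.x config file.

```shell
#!/bin/sh
# Added example, not the howto's own script: check the kismet.conf settings
# the text calls out before starting a tour, and emit the one sudoers line the
# "Kismet" start script needs. Function names, the sample config, the user
# "warx" and the prefix /usr/local/bin are assumptions.

# conf_value FILE KEY - value of the last "KEY=value" line, ignoring comments
conf_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1
}

# check_kismet_conf FILE USER - returns 0 when the three settings that matter
# for a prism device with gps are right, 1 (with a reason) otherwise
check_kismet_conf() {
    conf=$1
    user=$2
    rc=0
    src=$(conf_value "$conf" source)
    case "$src" in
        prism2,*,*) ;;                       # e.g. prism2,wlan0,prism
        *) echo "source=$src: expected prism2,<interface>,<name>"; rc=1 ;;
    esac
    gps=$(conf_value "$conf" gps)
    [ "$gps" = true ] || { echo "gps=$gps: must be true to get coordinates"; rc=1; }
    suid=$(conf_value "$conf" suiduser)
    # kismet drops root privileges to this account after opening the capture
    # interface, so it must be the account you warX with, never root or empty
    if [ -z "$suid" ] || [ "$suid" = root ]; then
        echo "suiduser='$suid': set it to an unprivileged account"; rc=1
    elif [ "$suid" != "$user" ]; then
        echo "suiduser=$suid but you run kismet as $user"; rc=1
    fi
    return $rc
}

# sudoers_line USER - NOPASSWD only for the two helper programs, by absolute
# path, so the password-less sudo cannot be used to run anything else
sudoers_line() {
    echo "$1 ALL = NOPASSWD: /usr/local/bin/kismet_monitor, /usr/local/bin/kismet_hopper"
}

# write_sample_conf FILE - constructed kismet.conf fragment for trying this
# offline; a real file has many more keys
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real kismet.conf
suiduser=warx
source=prism2,wlan0,prism
gps=true
gpshost=localhost:2947
EOF
}

# usage with the real files:
#   check_kismet_conf /usr/local/etc/kismet.conf "$(id -un)" && echo "kismet.conf looks fine"
#   sudoers_line "$(id -un)"    # paste the output into visudo
```

the sudoers line deliberately names full paths: with a bare command name or "ALL", the password-less rule would cover far more than the two helpers the script needs.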


4. warXing

the first step in preparing a pleasant )( experience is to download the maps for gpsdrive.
you can do this interactively by putting gpsdrive into "position mode" and using the download map command.
of course this is to be done at home where you have internet access. once you start kismet, your wlan device is put into monitor mode, which means you can no longer use that device for accessing the internet, even if an open access point is in reach. theoretically you could use a second wlan card to be online at the same time, but in most countries this would be illegal if it is somebody else's network, or very expensive if it is a commercial hotspot, and most of the time while on the road you will have neither anyway.
or you could use a gsm or gprs modem (cellular phone) for internet access on the road, but i regard this as too expensive, too.
so plan your route carefully and download all needed maps at home, in all scales you would like to use.
the alternative to the interactive method is the download script of gpsdrive, which is able to download all maps for a specified region in a certain scale. but i do not like this method, so i will not comment on it here.


4.1 wardriving

starting a wardriving tour takes some time for preparation. don't think you can just jump into the car and start off instantly. (this can be a problem when driving with somebody else who just wants to go and fetch something...)

i find i need around 10 minutes to get ready for wardriving:

(photo) the dc/ac converter plugged in.
(photo) the gps mouse under the windshield.
(photo) the notebook on the middle seat used as a table.

now the tour may begin, and the fun begins, too. in a good area, kismet finds networks much faster than festival is able to keep up with, announcing one network after the other... at the same time gpsdrive shows the appropriate map, clearly indicates your position and direction (yes, i can use this for navigation while driving, if traffic is not too bustling) and inserts the found networks graphically.
this is what wardriving is all about! this is the fun part.

the nasty dc/ac converter shuts itself down if it gets too hot. also when i turn off the engine, for instance while parking, and later start the engine again, the 12v dc supply of the car is briefly off. in many cases the converter will not come up again afterwards; i have to leave the car, go to the back, open the deck lid and try to restart the converter. this is not how it should be and certainly cries for improvement.

luckily the tidy-up at the end of the trip is done much faster than the setup: packing everything takes around 2 minutes. the only important rule is to first stop gpsdrive, then kismet, then shut down. otherwise some process will hang.
while the notebook is shutting down i can already close the lid, put it into my backpack, and store the gps mouse and ac adapter away.


4.2 warwalking

i have prepared my eastpak backpack with a steel platform on top.
the magnetic foot of the holux gps mouse holds it safely in place, facing the sky and the gps satellites.
for warwalking i have to:

(photo) the magnetic gps mouse snaps to the steel platform.
(photo) ready for warwalking.

i often wonder what passers-by think about kismet talking out of my backpack, telling stories like "new network found... network encrypted."


4.3 warXing

warbiking is fun too, but it is not really different from warwalking.
warXing by ship or glider (motorless plane)? i never tried...


5. postprocessing

when you are back home you do the postprocessing. first have a look at the files written by kismet. the .network file should contain valid values for the coordinates, otherwise you cannot use the file group of that date and serial number. then you can use the gpsmap script, which comes with kismet, to draw the final maps: this is the goal of )(, to draw and publish maps of the found wireless networks.
unfortunately the options/parameters of the gpsmap script are numerous and not really easy to get right. you will have to study the man page ("man gpsmap") carefully, and you will nevertheless have to do many experiments until you get what you want. it is absolutely necessary to save the complex calls to gpsmap into script files, in order to reuse them and avoid making the same errors over and over again.
(gpsmap needs the imagemagick dev library, included in most current distros. if the lib is missing while building kismet, gpsmap will not be compiled!)
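checking the .network file for valid coordinates by eye gets tedious once a tour has found a few dozen networks. the shell function below is an added example, not part of the howto or of kismet: it counts the networks in a .network file whose position lines carry no usable coordinates (0,0 from a missing gps fix, or values outside the geographic range from a broken gpsd link) so you know before calling gpsmap whether the file group is worth mapping. the sample file is constructed and only mimics the "Network N:" and "Min Loc:"/"Max Loc:" lines of the kismet 2.x text log; the function name and the exact layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the howto: check the .network file kismet writes for
# networks whose position is missing or out of range before feeding the file
# group to gpsmap. The sample below is constructed and only mimics the
# "Network N:" / "Min Loc:" / "Max Loc:" lines of the kismet 2.x text log;
# the function name is an assumption.

# count_unlocated_networks FILE - prints the number of networks whose
# Min Loc/Max Loc lines carry no valid coordinates; returns 0 when every
# network has a position, 1 otherwise
count_unlocated_networks() {
    awk '
    function bad(lat, lon) {
        # 0,0 is what you get without a gps fix; anything outside the
        # geographic range is garbage from a broken gpsd link
        return (lat == 0 && lon == 0) || lat < -90 || lat > 90 || lon < -180 || lon > 180
    }
    /^Network [0-9]+:/ { nets++; ok[nets] = 0; next }
    /^[ \t]*(Min|Max) Loc:/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "Lat") lat = $(i+1) + 0
            if ($i == "Lon") lon = $(i+1) + 0
        }
        # one valid position line is enough to place the network on the map
        if (!bad(lat, lon)) ok[nets] = 1
    }
    END {
        unlocated = 0
        for (n = 1; n <= nets; n++) if (!ok[n]) unlocated++
        print unlocated
        exit (unlocated > 0)
    }' "$1"
}

# write_sample_network FILE - constructed three-network log: one with a
# fix, one logged before the gps had a fix, one with a corrupt longitude
write_sample_network() {
    cat > "$1" <<'EOF'
Network 1: "thd-wireless" BSSID: "00:00:00:00:00:01"
    Type     : infrastructure
    Channel  : 06
    WEP      : "No"
    Min Loc: Lat 49.873000 Lon 8.651000 Alt 144.000000 Spd 0.000000
    Max Loc: Lat 49.873400 Lon 8.651900 Alt 146.000000 Spd 0.000000
Network 2: "<no ssid>" BSSID: "00:00:00:00:00:02"
    Type     : infrastructure
    Channel  : 11
    WEP      : "Yes"
    Min Loc: Lat 0.000000 Lon 0.000000 Alt 0.000000 Spd 0.000000
    Max Loc: Lat 0.000000 Lon 0.000000 Alt 0.000000 Spd 0.000000
Network 3: "garbled" BSSID: "00:00:00:00:00:03"
    Type     : infrastructure
    Channel  : 01
    WEP      : "No"
    Min Loc: Lat 49.870000 Lon 999.000000 Alt 0.000000 Spd 0.000000
    Max Loc: Lat 49.870000 Lon 999.000000 Alt 0.000000 Spd 0.000000
EOF
}

# usage with a real file of the day's file group:
#   count_unlocated_networks /path/to/Kismet-<date>-<n>.network \
#       || echo "some networks have no position, check gpsd before mapping"
```

a non-zero count does not always mean the whole group is lost: networks seen only before the gps got its first fix are the usual cause, and the rest of the file can still be mapped.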

6. publication

once you have succeeded in drawing the maps to your liking, you will want to publish them on one of the wardriving web portals or on your own site. you can specify the image encoding (png, jpg, gif) in the call to gpsmap, which avoids the quality loss of recoding to a different format.
when choosing the labeling options, be careful not to publish illegal content.
(e.g. i think that publishing (e)ssid names is problematic, at least in european countries.)

