Slashdot Mirror

← Back to Stories (view on slashdot.org)

WLAN Visualization Meets GIS Mapping

Posted by ryuzaki0 on from the pat-metheney-meets-wifi dept.

martin dodge writes "The Wireless Ntwork Visualization Project (Univ. of Kansas) has an interesting alternative to just dot maps of wlan base stations. These guys are mapping out the zone of availability using gis. nice maps using aerial photographs backdrops as well. If you are interested, check out other ways of mapping 802.11b network infrastructure. "

12 of 86 comments (clear)

  1. FYI, GIS==Geographic Information System by wiredog · · Score: 3, Informative

    In effect, map data stored in a database. I've seen maps like those in the article before. The first I saw was in 1993, but it didn't have nice colors. It was from a company that determined FM signal coverage, when given the location of the transmitter and its signal strength.

    --

    Best Slashdot Co
  2. Cool old use for new! by Lumpy · · Score: 4, Informative

    These were done years ago for FM radio coverage and many "more sophisticated" ham radio repeaters back in the late 80's. It's pretty cool and accurate enough. (although not very accurate inbetween distant points unless you add a topo data set to the GIS dataset.. Grass is an excellent GIS package for Linux that gives linux users the power of multi-million dollar GIS systems in their basement... and this is a great way do use that cool tool.

    --
    Do not look at laser with remaining good eye.
  3. Re:I love it! by BeBoxer · · Score: 4, Informative

    For doing this type of war driving, you don't need to actually connect to each AP. The card is put into a low-level promiscuous mode, so it can receive all packets. Every AP sends out a continuous stream of 'beacon' packets which the software can use to determine what networks are available. Also, at least on Prism-based cards, you get both a signal and noise measure for every packet received. So you just drive around snarfing up packets, and every one you get you can check for the source MAC address (to determine the AP) and the S/N ratio. No need to talk to the AP's at all, it's totally passive.

    One thing you do need to do is change channels. 802.11b specifies 11 channels (in the US), so to be thourough you should check them all. To be efficient, you can only check 1,6,11 because that's what everybody uses. Depending on how many channels you are checking and how fast you scan puts a limit on how fast you can drive and expect to pick everything up.

    Of course, if you are just checking out coverage for a specific AP, you can stay on it's channel and wander around the immediate area to get lots of good data points about it's coverage. It all depends on what exactly you are trying to accomplish.

  4. Not quite the same but still... by dr_labrat · · Score: 4, Informative
    I know its not the same sort of thing, but Interrorem have knocked up a perl script that converts Netstumbler (Wlan mapping tool) logs into UK streetmap locations.

    You can see it in action here

    Its very handy to get a clearer idea of where exactly those pesky APs are when you blat past them in a batmobile with a pringles tin sticking out the roof...

    --
    The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
  5. Grass - Public Domain GIS System by lw54 · · Score: 2, Informative
    For those interested in doing some GIS work of your own, there is the public domainGeographic Resources Analysis Support System.

    Also, most GIS work is done using ESRI's GIS and Mapping software.

  6. Re:Wireless Mapping by CmderTaco · · Score: 0, Informative

    Try linking next time...

    --
    - Marco
  7. Re:Secuirty related questions. by dr_labrat · · Score: 4, Informative

    It certainly raises the bar with regard to mapping.

    Many APs allow the user to turn off the SSID broadcast, however if someone nearby has popped their WLAN card into monitor mode, this will enable them to listen into the raw 802.11 frames that carry all your precious data.

    Plus anything else that happens to float by on channel 10 for instance.

    sniffer-pro and more importantly airopeek both do this.

    Mac list restrictions can be overcome in this manner as well: you can specify a MAC by using Ifconfig under linux :)

    kismet does this nicely as part of its "ip address space" discovery work, along with cisco infrastructure enumeration with CDP.

    Your plan *should* be pretty secure against casual "browsers". Unless your company has made some enemies recently or is worth something in "Commercial Intelligence" terms, you should be pretty clean.

    Of course, I would put a VPN in *as well*...

    --
    The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
  8. Re:hand-over and ipv6 by kent_eh · · Score: 2, Informative

    hand-over is what you want, i.e. the ability to have a permanent session when you switch from one transmitter to another. It is embedded in cellular networks (PCS, GSM, 3G, etc.) but is not (I think) a 802.11b feature, which was built for home, soho networks, not wireless internet coverage.

    How the cellular network does this is to have a central computer (the cellular switch, or BSC in a GSM network) monitoring the RF connection to each subscriber's mobile. If tht S/N, BER, or overall recieve level reaches a threshold, the switch starts querying surrounding base stations to get a signal measurement on the mobile. If another base station has a better signal, then a handoff (handover in GSM) is begun.

    At the minimum, what would have to happen to make 802.11b do this is central co-ordination.

    --

    ---
    "I can't complain, but sometimes still do..." Joe Walsh
  9. Netstumbler by Nerftoe · · Score: 4, Informative

    With netstumbler, it's easy to map out your freshly discovered APs easily. After you have returned from some wardriving, simply export your netstumbler log, and upload it here. It will output a Microsoft MapPoint 2002 file which will display a pushpin covered map which shows you all the APs that you just discovered.

    1. Re:Netstumbler by BadlandZ · · Score: 2, Informative
      Funny to see Netstumbler being pimped on SlashDot... I would have thought you guys would only mod up something for Linux like WaveStumbler or AirSnort.

      And no mandatory mention of clusters used for War Driving yet?

      Come on SlashDotters, I'm disappointed.....

  10. Geographic Information Science as well... by GianfrancoZola · · Score: 2, Informative

    ...depending on the crowd. Among plenty of academics (especially geographers) GIS = Geographic Information Science. Partly this is because there is quite a bit of ongoing research into the techniques and principles underpinning the technology.

    The other reason is that there actually is (in an ideal world) a bit of expertise required--and familiarity with geography, and no I'm not talking about "What's the capital of so-and-so"--to fully understand what you are doing with the data.

    I've found a great deal of folks in the public and non-profit sectors who are far too cavalier with their interpretations of data that they crunched on for a while...they think that because they used expensive software they must be getting some real value out of it.

    Anyway, the point is that it's not some black box technological marvel. There is plenty of Science (geographic, statistical, etc etc) behind the Systems.

    GRASS GIS is cool but sadly I work at a Winders shop, so it's ArcGIS for me (and plenty of contact with the abhorrent DBF file format). :(

  11. Re:Smoking Crack... by CaptCosmic · · Score: 2, Informative

    You're claim that their security tips are useless is silly.

    > use wep (airsnort)

    Using WEP is the same as remembering to lock the doors of your hose. People can still pick the locks, but they have to be determined to get in.

    > obscure your ssid (set client ssid to ANY)

    This should be combined with the suggestion below to turn of SSID broadcasts.

    > change default passwords on APs (duh)

    Just because its obvious to you, doesn't mean it isn't worth mentioning. People are stupid and need to be reminded of the obvious.

    > disable broadcast ssid, but you can't (haha)

    Funny, on all of the Access Points I've dealt with, there was either an option called Disable Broadcast SSID, or Closed Network. Checking these meant that you had to know the SSID in order to attach to the network.

    > upgrade firmware (what's that gonna do)

    Why should we apply patches to Apache or IIS? What's it gonna do?

    > enable MAC filtering (Lucent WaveLAN cards have a tool to set their MAC address)

    Yes, but there are 2^48 MAC addresses. Guess which ones are allowed to attach to my network.

    > Turn off your access points when you are not using them (how mann people are going to do that)

    I agree that this is unlikely to happen. But that doesn't mean that it isn't a legitimate way to keep people from using it.

    Wave point placement and antenna selection (attacker can use a 12dBi yagi and point it straight at your house)

    This point I don't know enough about. It is probably the least useful of any of the suggestions. Especially since most people tend to use the antennas that come with their Access Points

    --
    -> Capt Cosmic <-