On 3/24/2008 3:28 PM, James G. Sack (jim) wrote:
Mark Schoonover wrote:
On Mon, Mar 24, 2008 at 2:37 PM, James G. Sack (jim) <[EMAIL PROTECTED]>
wrote:
Tracy R Reed wrote:
Neil Schneider wrote:
Mark Schoonover wrote:
Some dude did a war flight - similar to a wardrive
- in a small plane over San Diego and logged in the thousands. That
was a
few years ago.
That would be our own Tracy Reed.
Indeed it would!
I have been considering reprising this experiment. If anyone has the
equipment and wants to put together a proper scientific experiment and
do something unique (triangulate the actual location of the AP, acquire
useful data about the network involved, etc) I would be willing to give
it another go. We could even fly the same path as before and compare the
data.
I wonder what kind of antenna you would want/need for this?
I don't know. I've done direction finding work before, but only from a fixed
location. DFing from a plane would be very challenging to say the least...
Normally you'd use some kind of Adcock array for VHF or UHF, but not sure in
the microwave bands.
There is some info tho:
http://www.scitechpublishing.com/index.asp?PageAction=VIEWPROD&ProdID=158
Wouldn't a ordinary omni with hopefully not too thick (and not too thin)
a donut pattern do the job, even? Have to have readings from 2 reception
points, of course (plus altitude). Assuming a flat earth makes it
easier, too. ;-)
Seems like a lot of things need to be done at once, though:
pick a channel
pick a source
try to quickly maximize the source signal
and record direction and altitude
do fast enough to be able to sample all channels, see strong signals
Are there programs to help with this? Hardware?
Could have a script that does continuous iwlist scanning. My
recollection is that a scan takes a second or two to complete, but I
don't know if that varies with number of APs found. Record the MAC
address and signal strength for all APs seen during each scan, along
with GPS coordinates (NMEA-183 text from serial port of GPS). Fly a
parallel search pattern. Then (challenge here) post-process to correlate
data and put positions to MAC addresses.
When an AP is seen on more than one search leg, you should be able to
determine a location based on signal strength in those legs. Where an AP
is seen only on one leg, you can't do as well.
Could be tested by flying patterns over (or driving by) one's own or
other known APs. Could possibly 'normalize' the antenna pattern of the
receiver.
This ignores the radiation pattern of AP's antennas, but I dunno what
you could do about that in any case.
Karl
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
