On Mon, Mar 24, 2008 at 4:20 PM, Karl Cunningham <[EMAIL PROTECTED]> wrote:
> On 3/24/2008 3:28 PM, James G. Sack (jim) wrote: > > Mark Schoonover wrote: > >> On Mon, Mar 24, 2008 at 2:37 PM, James G. Sack (jim) <[EMAIL PROTECTED] > > > >> wrote: > >> > >>> Tracy R Reed wrote: > >>>> Neil Schneider wrote: > >>>>> Mark Schoonover wrote: > >>>>> Some dude did a war flight - similar to a wardrive > >>>>>> - in a small plane over San Diego and logged in the thousands. That > >>>>>> was a > >>>>>> few years ago. > >>>>> That would be our own Tracy Reed. > >>>> Indeed it would! > >>>> > >>>> I have been considering reprising this experiment. If anyone has the > >>>> equipment and wants to put together a proper scientific experiment > and > >>>> do something unique (triangulate the actual location of the AP, > acquire > >>>> useful data about the network involved, etc) I would be willing to > give > >>>> it another go. We could even fly the same path as before and compare > the > >>>> data. > >>>> > >>> I wonder what kind of antenna you would want/need for this? > >>> > >> I don't know. I've done direction finding work before, but only from a > fixed > >> location. DFing from a plane would be very challenging to say the > least... > >> Normally you'd use some kind of Adcock array for VHF or UHF, but not > sure in > >> the microwave bands. > >> > >> There is some info tho: > >> > http://www.scitechpublishing.com/index.asp?PageAction=VIEWPROD&ProdID=158 > >> > > > > Wouldn't a ordinary omni with hopefully not too thick (and not too thin) > > a donut pattern do the job, even? Have to have readings from 2 reception > > points, of course (plus altitude). Assuming a flat earth makes it > > easier, too. ;-) > > > > Seems like a lot of things need to be done at once, though: > > pick a channel > > pick a source > > try to quickly maximize the source signal > > and record direction and altitude > > do fast enough to be able to sample all channels, see strong signals > > > > Are there programs to help with this? Hardware? > > Could have a script that does continuous iwlist scanning. My > recollection is that a scan takes a second or two to complete, but I > don't know if that varies with number of APs found. Record the MAC > address and signal strength for all APs seen during each scan, along > with GPS coordinates (NMEA-183 text from serial port of GPS). Fly a > parallel search pattern. Then (challenge here) post-process to correlate > data and put positions to MAC addresses. > > When an AP is seen on more than one search leg, you should be able to > determine a location based on signal strength in those legs. Where an AP > is seen only on one leg, you can't do as well. > > Could be tested by flying patterns over (or driving by) one's own or > other known APs. Could possibly 'normalize' the antenna pattern of the > receiver. > > This ignores the radiation pattern of AP's antennas, but I dunno what > you could do about that in any case. > > Most radiation patterns are going to be spherical, but - and this is a big but - it'll greatly depend upon what's surrounding the antenna. Any post processing would have to assume line of site to the antenna, with no reflections. Flying above something might not totally work because you could get some odd reflection off a building or some other structure and any post processing would assume it was a legit signal strength. DFing on signal strength alone isn't enough, you really should base it upon the phase difference between several appropriately spaced antennas. It's a tough nut to crack when sitting still, but trying to do it aloft in a fast moving plane would be very challenging and fun! This is how a passive radar system works to detect the stealth fighters and bombers, and one of the reasons why taking out cellphones systems is in the first wave of an attack. All those transmitters going off load up the sky with signals that will bounce off just about anything. With several receivers spread around a geographic area, and all their data correlated together, stealth technology falls apart some.... -- Mark Schoonover, CMDBA http://www.linkedin.com/in/markschoonover http://marksitblog.blogspot.com [EMAIL PROTECTED] -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
