Karl Cunningham wrote:
On 3/24/2008 3:28 PM, James G. Sack (jim) wrote:
Mark Schoonover wrote:
On Mon, Mar 24, 2008 at 2:37 PM, James G. Sack (jim) <[EMAIL PROTECTED]> wrote:
Tracy R Reed wrote:
Neil Schneider wrote:
Mark Schoonover wrote:
Some dude did a war flight - similar to a wardrive - in a small plane over San Diego and logged in the thousands. That was a few years ago.
That would be our own Tracy Reed.
Indeed it would!
I have been considering reprising this experiment. If anyone has the
equipment and wants to put together a proper scientific experiment and
do something unique (triangulate the actual location of the AP, acquire
useful data about the network involved, etc) I would be willing to give
it another go. We could even fly the same path as before and compare the
data.
I wonder what kind of antenna you would want/need for this?
I don't know. I've done direction finding work before, but only from a fixed
location. DFing from a plane would be very challenging to say the least...
Normally you'd use some kind of Adcock array for VHF or UHF, but not sure in
the microwave bands.
There is some info tho:
http://www.scitechpublishing.com/index.asp?PageAction=VIEWPROD&ProdID=158
Wouldn't an ordinary omni with hopefully not too thick (and not too thin)
a donut pattern do the job, even? Have to have readings from 2 reception
points, of course (plus altitude). Assuming a flat earth makes it
easier, too. ;-)
Seems like a lot of things need to be done at once, though:
pick a channel
pick a source
try to quickly maximize the source signal
and record direction and altitude
do fast enough to be able to sample all channels, see strong signals
Are there programs to help with this? Hardware?
Could have a script that does continuous iwlist scanning. My
recollection is that a scan takes a second or two to complete, but I
don't know if that varies with number of APs found. Record the MAC
address and signal strength for all APs seen during each scan, along
with GPS coordinates (NMEA-183 text from serial port of GPS). Fly a
parallel search pattern. Then (challenge here) post-process to
correlate data and put positions to MAC addresses.
When an AP is seen on more than one search leg, you should be able to
determine a location based on signal strength in those legs. Where an
AP is seen only on one leg, you can't do as well.
Could be tested by flying patterns over (or driving by) one's own or
other known APs. Could possibly 'normalize' the antenna pattern of the
receiver.
This ignores the radiation pattern of AP's antennas, but I dunno what
you could do about that in any case.
Karl
A single point receiver has no depth perception, like having only one
eye open.
Having two eyes open increases depth perception and the further apart
the eyes are, the farther depth can be perceived.
Affixed to the plane, this would mean two receivers at either nose and
tail, or even better, at either wing tip. I have no idea how this could
be done safely.
But you could get a *much* larger span if one of the antennae could be
"dragged" behind the airplane like one of those banners that's usually
much bigger than the plane and following way behind.
For triangulation, perhaps 3 (each wing tip and a drag-behind) could be
used simultaneously.
A GPS device would allow instantaneous position information for the
aircraft itself. That and direction of travel with triangulation would
allow you to fairly well pinpoint the WAPs on the ground (or elsewhere).
How did the military triangulate enemy radio signals in WWII? (when
their equipment was far more primitive than even what the CB home user
has today)
--
Ralph
--------------------
It's the human urge to light up the dark corners for answers in other
people. But at the end of the day, there are no answers there, just more
lives as sad and singular as our own.
--NUMB3RS, Ben Blakely (portrayed by Enrico Colantoni) on eavesdropping
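
The post-processing step discussed in the thread (correlating per-scan MAC address, signal strength and GPS position into an AP location) can be sketched as follows. This is an added example, not code from any poster: it uses a signal-weighted centroid, one common survey technique, and the record layout, function names and sample readings are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): one row per AP sighting,
# as a logger pairing each scan with the latest GPS fix might record it.
# Fields: search leg, latitude, longitude, AP MAC address, signal in dBm.
SIGHTINGS = [
    (1, 32.7150, -117.1620, "00:11:22:33:44:55", -82),
    (1, 32.7160, -117.1620, "00:11:22:33:44:55", -76),
    (1, 32.7170, -117.1620, "00:11:22:33:44:55", -82),
    (2, 32.7150, -117.1600, "00:11:22:33:44:55", -82),
    (2, 32.7160, -117.1600, "00:11:22:33:44:55", -76),
    (2, 32.7170, -117.1600, "00:11:22:33:44:55", -82),
    (1, 32.7200, -117.1620, "66:77:88:99:aa:bb", -85),
    (1, 32.7210, -117.1620, "66:77:88:99:aa:bb", -80),
]

def dbm_to_mw(dbm):
    """Convert dBm to linear milliwatts so strong readings dominate."""
    return 10 ** (dbm / 10.0)

def locate_aps(sightings):
    """Return {mac: (lat, lon, legs_seen, confident)} per AP."""
    by_mac = defaultdict(list)
    for leg, lat, lon, mac, dbm in sightings:
        by_mac[mac.lower()].append((leg, lat, lon, dbm_to_mw(dbm)))
    result = {}
    for mac, rows in by_mac.items():
        total = sum(w for _, _, _, w in rows)
        lat = sum(la * w for _, la, _, w in rows) / total
        lon = sum(lo * w for _, _, lo, w in rows) / total
        legs = len({leg for leg, _, _, _ in rows})
        # An AP heard on one leg only is constrained along the track but
        # not across it, so the estimate sits on the flight line itself.
        result[mac] = (lat, lon, legs, legs >= 2)
    return result

if __name__ == "__main__":
    for mac, (lat, lon, legs, ok) in sorted(locate_aps(SIGHTINGS).items()):
        note = "" if ok else "  (one leg only: cross-track position unknown)"
        print(f"{mac}  {lat:.5f} {lon:.5f}  legs={legs}{note}")
```

Averaging raw latitude and longitude is only reasonable over a small survey area, and the estimate inherits whatever bias the receiving antenna pattern adds.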