After you’ve returned from your WarDrive, you will have some data. Depending on your area, and the number of WLANs there, you may have a lot of data! If you are inclined to perform any kind of analysis, you may want to use the data in other programs such as spreadsheets or databases. To help you do this, NetStumbler includes the capability to export the collected data in three formats: Summary, Text, and Wi-Scan. However, MiniStumbler does not include an export function. To extract text data from a file compiled by MiniStumbler, the file must first be opened in MiniStumbler.
The export functions are located in the File menu under File | Export | Summary, File | Export | Text, and File | Export | Wi-Scan. All three are very similar in that they export the information as text files. They differ only in the amount of information that they export. Using the original NetStumbler file used in Chapter 2, we'll see how the information is exported.
As the name implies, Summary exports a single-line summary of each WLAN detected in a tab-delimited format. Most of the column headings are the same as or similar to those in the graphical NetStumbler display. Here is the top of a Summary file, and the one line from the first detected AP:
```
# $Creator: Network Stumbler Version 0.4.0
# $Format: wi-scan summary with extensions
# Latitude Longitude ( SSID ) Type ( BSSID ) Time (GMT) [ SNR Sig Noise ] # ( Name ) Flags Channelbits BcnIntvl DataRate
# $DateGMT: 2003-12-03
N 44.3702500 W 73.2314583 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 14:59:51 (GMT) [ 28 81 53 # ( ) 0005 00000040 100 110
```
The Text file format exports the same information, but gives all readings recorded for a particular AP. In this example, the Text file has reported six lines of data for the same AP that was seen in the Summary example.
```
# $Creator: Network Stumbler Version 0.4.0
# $Format: wi-scan with extensions
# Latitude Longitude ( SSID ) Type ( BSSID ) Time (GMT) [ SNR Sig Noise ] # ( Name ) Flags Channelbits BcnIntvl DataRate
# $DateGMT: 2003-12-03
N 44.3718317 W 73.2304633 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 14:59:51 (GMT) [ 7 59 52 ] # ( ) 0005 00000040 100 110
N 44.3718317 W 73.2304633 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 14:59:51 (GMT) [ 7 59 52 ] # ( ) 0005 00000040 100 110
N 44.3717967 W 73.2303550 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 14:59:58 (GMT) [ 7 59 52 ] # ( ) 0005 00000040 100 110
N 44.3717800 W 73.2304183 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 15:00:00 (GMT) [ 0 53 53 ] # ( ) 0005 00000040 100 110
N 44.3717800 W 73.2304183 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 15:00:00 (GMT) [ 6 59 53 ] # ( ) 0005 00000040 100 110
N 44.3717750 W 73.2304417 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 15:00:28 (GMT) [ 7 58 51 ] # ( ) 0005 00000040 100 110
```
Finally, the wi-scan file format exports the multiple readings for each AP, but has fewer columns. This format is compatible with the data from several other WLAN scanning programs. In this example, you can see the same six data lines as in the Text example. However, the Number, Name, Flags, Channel Bits, Beacon Interval and Data Rate columns are not included.
```
# $Creator: Network Stumbler Version 0.4.0
# $Format: wi-scan
# Latitude Longitude ( SSID ) Type ( BSSID ) Time (GMT) [ SNR Sig Noise ]
# $DateGMT: 2003-12-03
N 44.2230990 W 73.1382780 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 14:59:51 (GMT) [ 7 59 52 ]
N 44.2230990 W 73.1382780 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 14:59:51 (GMT) [ 7 59 52 ]
N 44.2230780 W 73.1382130 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 14:59:58 (GMT) [ 7 59 52 ]
N 44.2230680 W 73.1382510 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 15:00:00 (GMT) [ 0 53 53 ]
N 44.2230680 W 73.1382510 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 15:00:00 (GMT) [ 6 59 53 ]
N 44.2230650 W 73.1382650 ( linksys ) BBS ( 00:0c:41:41:2b:b6 ) 15:00:28 (GMT) [ 7 58 51 ]
```
If you plan on using the Summary, Text, or Wi-Scan text exports for any kind of analysis or mapping, there are several things you need to know about them. First, the text output always shows the Signal Strength data as a positive number. To determine the correct dBm reading, you must subtract 149 from the reading in the text file. This is due to the manner in which the card drivers internally record the numbers.
The second piece of information you need to know is the way that the data is encoded in the Flags and Channelbits columns. As previously noted, the Flags column contains the 802.11 capability information in hexadecimal (base 16). This is also true of the Channelbits field. To determine what data has been recorded in these two fields, you may need to perform some hexadecimal arithmetic. If you don't understand how to do addition or subtraction in hexadecimal, then you should consider reading up on the subject. It is not particularly difficult, but it is more complicated than we have space for here.
To determine which values are set in the Flags field, you need to perform a bitwise AND on the hexadecimal value. For example, suppose you scan an AP and the Flags are shown as 0011. ANDing 0011 against each of the possible values, only 0001 and 0010 return TRUE (a nonzero result).
Flag value | Set in 0011 |
---|---|
0001 | Yes |
0002 | |
0004 | |
0008 | |
0010 | Yes |
0020 | |
0040 | |
0080 | |
0400 | |
Since 0001 indicates Extended Service Set (ESS) or Infrastructure mode, and 0010 indicates privacy or encryption, you therefore can conclude that you have detected a wireless network that is infrastructure-based (it uses an access point) and which has encryption turned on.
A flag of 0035 would be computed as:
Flag value | Set in 0035 |
---|---|
0001 | Yes |
0002 | |
0004 | Yes |
0008 | |
0010 | Yes |
0020 | Yes |
0040 | |
0080 | |
0400 | |
Based on this, you can determine that the WLAN is running in Infrastructure mode, the AP is CF-Pollable, it is using a Short Preamble, and encryption is turned on: 0001 indicates ESS mode, 0004 designates that the network uses the Contention-Free (CF) Pollable protocol, 0010 shows that encryption is enabled, and 0020 indicates that the WLAN is using the Short Preamble.
The 802.11b channel numbers and corresponding Channelbits hexadecimal codes are shown in Table 3.2.
Channel | Channel Bits |
---|---|
1 | 0002 |
2 | 0004 |
3 | 0008 |
4 | 0010 |
5 | 0020 |
6 | 0040 |
7 | 0080 |
8 | 0100 |
9 | 0200 |
10 | 0400 |
11 | 0800 |
12 | 1000 |
13 | 2000 |
14 | 4000 |
Again, these are encoded as hexadecimal numbers. If multiple channels are encountered, then hex arithmetic will have to be performed to determine the channels from the Channelbits columns.
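The decoding steps above (signal reading minus 149, bitwise AND on Flags, and the Channelbits mapping from Table 3.2) can be combined into one parser for the Text and wi-scan layouts. This is an added example, not code from the book or from NetStumbler; the function names, the regular expression, and the sample lines are assumptions constructed from the export headers shown above, and only the four flag values the text names are labelled.

```python
import re

# Capability bits named on this page; any other set bit is reported as raw hex.
FLAG_NAMES = {0x0001: "ESS", 0x0004: "CF-Pollable",
              0x0010: "Privacy", 0x0020: "Short Preamble"}

# Data-line layout taken from the export headers; the trailing group is
# absent in plain wi-scan files, so it is optional.
LINE_RE = re.compile(
    r"([NS]) ([\d.]+)\s+([EW]) ([\d.]+)\s+\(\s*(.*?)\s*\)\s+(\S+)\s+"
    r"\(\s*([0-9A-Fa-f:]{17})\s*\)\s+(\d\d:\d\d:\d\d) \(GMT\)\s+"
    r"\[ (\d+) (\d+) (\d+) \]"
    r"(?:\s+# \(\s*(.*?)\s*\)\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{8}))?")

def decode_flags(value):
    names = [name for bit, name in FLAG_NAMES.items() if value & bit]
    rest = value & ~sum(FLAG_NAMES)  # bits the page gives no name for
    return names + [f"0x{1 << i:04x}" for i in range(16) if rest >> i & 1]

def decode_channels(bits):
    # Table 3.2: channel n is bit n (channel 1 = 0002 ... channel 14 = 4000).
    return [ch for ch in range(1, 15) if bits >> ch & 1]

def parse_line(line):
    m = None if line.startswith("#") else LINE_RE.match(line.strip())
    if m is None:
        return None  # header, comment or unrecognised line
    (ns, lat, ew, lon, ssid, _type, bssid, time,
     snr, sig, _noise, _name, flags, chan) = m.groups()
    return {
        "lat": float(lat) * (1 if ns == "N" else -1),
        "lon": float(lon) * (1 if ew == "E" else -1),
        "ssid": ssid, "bssid": bssid.lower(), "time_gmt": time,
        "snr": int(snr),
        "signal_dbm": int(sig) - 149,  # the page's rule: reading minus 149
        "flags": decode_flags(int(flags, 16)) if flags else None,
        "channels": decode_channels(int(chan, 16)) if chan else None,
    }

# Constructed sample lines (not from a real capture): Text and wi-scan layouts.
SAMPLE_TEXT = ("N 44.0000000\tW 73.0000000\t( examplenet )\tBBS\t"
               "( 00:11:22:33:44:55 )\t12:00:00 (GMT)\t[ 7 59 52 ]\t"
               "# ( )\t0035\t00000840\t100\t110")
SAMPLE_WISCAN = SAMPLE_TEXT.split("\t# ")[0]

if __name__ == "__main__":
    for sample in (SAMPLE_TEXT, SAMPLE_WISCAN):
        print(parse_line(sample))
```

Records whose decoded flags lack "Privacy" are the ones to follow up on when auditing a survey of your own WLANs.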