Hack 22. Map Wi-Fi Networks with Kismet and GPSd
Use these two powerful Linux tools to map out the locations of Wi-Fi networks.
GPSd [Hack #20] is a great tool to get data from your GPS receiver. You can make it even more powerful by combining it with Kismet [Hack #29], allowing you to physically map locations of wireless networks.
In order to make this work, you will need to have both GPSd and Kismet installed and functioning with your Linux system. Consult the hacks on both pieces of software if you have setup questions.
If you plan to do some network mapping with Kismet, keep the following in mind:
- Put the computer somewhere safe and out of the way. Don't put it someplace where a sudden stop will send it into your lap or through a window.
- Forget that the computer is there while you are driving. If you have to fiddle with it, pull over first. If you can have a friend ride with you who can operate the computer, all the better. Do not let the computer distract you while you are driving.
- Make sure that the GPS gets a fix before you start driving. It's a lot harder for it to get a fix while you are in motion.
- Put the GPS somewhere that it can easily pick up the satellite signals. Your best bet is to get a magnetized external antenna that can attach to your roof. Be sure that there are no loose wires sticking out of your window. Don't slam the wires in the door!
Above all, when you are driving a car, your first responsibility is to drive safely. Pay attention to the road and drive carefully.
To begin mapping networks with Kismet and GPSd, take the following steps:
- Load any modules needed for the serial port you're using for the GPS (optional):
$ sudo modprobe pl2303 $ dmesg | grep tty ttyS00 at 0x03f8 (irq = 4) is a 16550A ttyS02 at 0x03e8 (irq = 4) is a 16550A usbserial.c:PL-2303converternowattachedtottyUSB0(orusb/tts/0for devfs)
- Start GPSd, specifying the serial port with -p and the speed with -s:
$ sudo gpsd -D9 -p /dev/ttyUSB0 -s 4800 Telnet to GPSd and use p until you have a reliable fix, then disconnect when you are done: $telnet localhost 2947 Trying 127.0.0.1… Connected to debian. Escape character is '^]'. p GPSD,P=0.000000 0.000000 p GPSD,P=41.485882 -71.524841 ^] telnet>q Connection closed.
- Launch Kismet with the -g (GPS) switch, and specify the hostname and port that GPSd is listening on:
$ sudo kismet -g localhost:2947
- Go for a drive. Press Shift-Q when you are done with the drive to terminate Kismet.
When you shut Kismet down, it writes out logfiles. Check the logtemplate setting in kismet.conf to see where it puts its log files; for example:
logtemplate=/var/log/kismet/%n-%d-%i.%l
Kismet writes several logfiles in the logtemplate directory (in the following filenames, I starts at 1 and increments each time you run Kismet on a given day):
Kismet-MMM-DD-YYYY-I.csv
Kismet log in semicolon-separated fields, one line per entry. The first entry contains the field names.
Kismet-MMM-DD-YYYY-I.dump
Kismet log in a pcap(3) format suitable for loading under Ethereal (http://www.ethereal.com).
Kismet-MMM-DD-YYYY-I.gps
Kismet log in a format designed to be read by the gpsmap utility, which is included with the Kismet distribution.
Kismet-MMM-DD-YYYY-I.network
A human-readable dump of the networks that Kismet encountered.
Kismet-MMM-DD-YYYY-I.xml
Kismet log in an XML format.
To generate a map, run gpsmap on the .gpslog file. See the gpsmap manpage for all the drawing and mapping options. If you choose to use a downloaded map (the default), you must be online. Figure 1-60 shows a map generated by the following command:
$ gpsmap -S3 -p /var/log/kismet/Kismet-Feb-16-2004-5.gps
Figure 1-60. Wi-Fi power levels in the Kingston, Rhode Island area
The -S option specifies which map server to use:
(0=MapBlast;1=Map-Point;2=Terraserver;3=Tiger Census)
If you have trouble with one of these map servers, try another (Tiger is loosely maintained by the Census Bureau and is not up 100% of the time). Use -p to show power levels or -e to simply plot the locations of the hotspots on the map (see the gpsmap manpage for more options).
1.23.1. See Also
- For even more mapping goodness, check out "Analyze Elevation Profiles for Better Long-Range Wireless Networking" [Hack #94].
Brian Jepson
Bluetooth, Mobile Phones, and GPS
- Hacks 122: Introduction
- Hack 1. Set Up Bluetooth on Linux
- Hack 2. Set Up Bluetooth on Windows XP
- Hack 3. Connect Mac OS X with a Bluetooth Phone
- Hack 4. Connect Linux with a Bluetooth Phone
- Hack 5. Connect Windows XP with a Bluetooth Phone
- Hack 6. Use Your Treo as a Modem
- Hack 7. Send SMS from a PowerBook
- Hack 8. Remote Control Mac OS X with Bluetooth Phones and PDAs
- Hack 9. Remote Control Linux with a Bluetooth Phone
- Hack 10. Control XMMS with Bluetooth
- Hack 11. Liven Up Parties with a Participatory Slideshow
- Hack 12. Send SMS from Linux
- Hack 13. Remote Control Windows with Bluetooth Phones and PDAs
- Hack 14. Control Your Bluetooth Phone with FMA
- Hack 15. Control Your Computer from Your Palm
- Hack 16. Control Your Home Theater from Your Palm
- Hack 17. Choose a Cellular Data Plan
- Hack 18. Blog from Your Mobile Phone
- Hack 19. Get Google Maps on Your Mobile Phone
- Hack 20. Share Your GPS
- Hack 21. Broadcast Your GPS Position
- Hack 22. Map Wi-Fi Networks with Kismet and GPSd
Network Discovery and Monitoring
- Hacks 2339: Introduction
- Hack 23. Find All Available Wireless Networks
- Hack 24. Discover Networks with NetStumbler
- Hack 25. Detect Networks with Handheld PCs
- Hack 26. Find and Join Wireless Networks with AP Radar
- Hack 27. Detect Networks on Mac OS X
- Hack 28. Scan Passively with KisMAC
- Hack 29. Detect Networks with Kismet
- Hack 30. Monitor Wireless Links in Linux with Wavemon
- Hack 31. Analyze Traffic with Ethereal
- Hack 32. Track 802.11 Frames in Ethereal
- Hack 33. Watch Network Traffic
- Hack 34. grep Your Network
- Hack 35. Check Wi-Fi Network Performance with Qcheck
- Hack 36. Estimate Network Performance
- Hack 37. Get Real-Time Network Stats
- Hack 38. Graph Your Wireless Performance
- Hack 39. Find Radio Manufacturers by MAC
Wireless Security
- Hacks 4051: Introduction
- Hack 40. Stop Moochers from Stealing Your Wi-Fi Bandwidth
- Hack 41. Visualize a Network
- Hack 42. Secure Your Linux Network with WPA
- Hack 43. Control Wireless Access by MAC
- Hack 44. Authenticate Wireless Users
- Hack 45. Forward Ports over SSH
- Hack 46. Proxy Web Traffic over SSH
- Hack 47. Securely Connect Two Networks
- Hack 48. Generate a Tunnel Configuration Automatically
- Hack 49. Poll Wireless Clients
- Hack 50. Interrogate the Network
- Hack 51. Track Wireless Users
Hardware Hacks
- Hacks 5262: Introduction
- Hack 52. Add an External Antenna
- Hack 53. Do-It-Yourself Access Point Hardware
- Hack 54. Boot from a Compact Flash Hard Drive
- Hack 55. Increase the Range of a PowerBook
- Hack 56. Send Power over Your Ethernet
- Hack 57. The NoCat Night Light
- Hack 58. Upgrade the Linksys WET11
- Hack 59. Scan for Wireless Networks Automatically
- Hack 60. Backlight Your Zipit
- Hack 61. Unwire Your Pistol Mouse
- Hack 62. Mobilize Your WRT54G with the WiFiCar
Software Hacks
- Hacks 6382: Introduction
- Hack 63. Build Your Own Access Point with Linux
- Hack 64. Bridge Your Linux AP
- Hack 65. Protect Your Bridge with a Firewall
- Hack 66. Filter MAC with HostAP and Madwifi
- Hack 67. Upgrade Your Wireless Router
- Hack 68. Set Up an OLSR Mesh Network
- Hack 69. Extend Your Wireless Network with WDS
- Hack 70. Pebble
- Hack 71. Wall Off Your Wireless
- Hack 72. Run Your Mac as an Access Point
- Hack 73. Run Linux on the Zipit Wireless Messenger
- Hack 74. Capture Wireless Users with NoCatAuth
- Hack 75. Capture Wireless Users on a Small Scale
- Hack 76. Build an Online Community in Your Offline Neighborhood
- Hack 77. Manage Multiple AirPort Base Stations
- Hack 78. Advertise Bonjour Services in Linux
- Hack 79. Advertise Any Service with Bonjour in Mac OS X
- Hack 80. Redirect Brought to you by Bonjour Ads
- Hack 81. Use a Windows-Only Wireless Card in Linux
- Hack 82. Use Your Orinoco Card with Hermes AP
Do-It-Yourself Antennas
- Hacks 8393: Introduction
- Hack 83. Make a Deep Dish Cylindrical Parabolic Reflector
- Hack 84. Spider Omni Antenna
- Hack 85. Pringles Can Waveguide
- Hack 86. Pirouette Can Waveguide
- Hack 87. Primestar Dish with Waveguide Feed
- Hack 88. Primestar Dish with Biquad Feed
- Hack 89. Cut a Cable Omni Antenna
- Hack 90. Build a Slotted Waveguide Antenna
- Hack 91. The Passive Repeater
- Hack 92. Determine Your Antenna Gain
- Hack 93. Build Cheap, Effective Roof Mounts
Wireless Network Design
- Hacks 94100: Introduction
- Hack 94. Analyze Elevation Profiles for Better Long-Range Wireless Networking
- Hack 95. Build a Wireless Network for the Large House
- Hack 96. Establish Line of Sight
- Hack 97. Calculate the Link Budget
- Hack 98. Align Antennas at Long Distances
- Hack 99. Slow Down to Speed Up
- Hack 100. Take Advantage of Antenna Polarization
Appendix A. Wireless Standards
- Appendix A. Wireless Standards
- Section A.1. 802.11: The Mother of All IEEE Wireless Ethernet
- Section A.2. 802.11a: The Betamax of the 802.11 Family
- Section A.3. 802.11b: The De Facto Standard
- Section A.4. 802.11g: Like 802.11b, only Faster
- Section A.5. 802.16: WiMAX Long Distance Wireless Infrastructure
- Section A.6. Bluetooth: Cable Replacement for Devices
- Section A.7. 900 MHz: Low Speed, Better Coverage
- Section A.8. CDPD, 1xRTT, and GPRS: Cellular Data Networks
- Section A.9. FRS and GMRS: Super Walkie-Talkies
- Section A.10. 802.1x: Port Security for Network Communications
- Section A.11. WPA & 802.11i
- Section A.12. BSS Versus IBSS
Appendix B. Wireless Hardware Guide
EAN: 2147483647
Pages: 178
