Hack 22. Map Wi-Fi Networks with Kismet and GPSd

Use these two powerful Linux tools to map out the locations of Wi-Fi networks.

GPSd [Hack #20] is a great tool to get data from your GPS receiver. You can make it even more powerful by combining it with Kismet [Hack #29], allowing you to physically map locations of wireless networks.

In order to make this work, you will need to have both GPSd and Kismet installed and functioning with your Linux system. Consult the hacks on both pieces of software if you have setup questions.

If you plan to do some network mapping with Kismet, keep the following in mind:

  • Put the computer somewhere safe and out of the way. Don't put it someplace where a sudden stop will send it into your lap or through a window.
  • Forget that the computer is there while you are driving. If you have to fiddle with it, pull over first. If you can have a friend ride with you who can operate the computer, all the better. Do not let the computer distract you while you are driving.
  • Make sure that the GPS gets a fix before you start driving. It's a lot harder for it to get a fix while you are in motion.
  • Put the GPS somewhere that it can easily pick up the satellite signals. Your best bet is to get a magnetized external antenna that can attach to your roof. Be sure that there are no loose wires sticking out of your window. Don't slam the wires in the door!

Above all, when you are driving a car, your first responsibility is to drive safely. Pay attention to the road and drive carefully.

To begin mapping networks with Kismet and GPSd, take the following steps:

  1. Load any modules needed for the serial port you're using for the GPS (optional):

    	$ sudo modprobe pl2303
    	$ dmesg | grep tty
    	ttyS00 at 0x03f8 (irq = 4) is a 16550A 
    	ttyS02 at 0x03e8 (irq = 4) is a 16550A 
  2. Start GPSd, specifying the serial port with -p and the speed with -s:

    	$ sudo gpsd -D9 -p /dev/ttyUSB0 -s 4800 
    	 Telnet to GPSd and use p until you have a reliable fix, then 
    	disconnect when you are done: 
    	$telnet localhost 2947 
    	Connected to debian. 
    	Escape character is '^]'.
    	GPSD,P=0.000000 0.000000
    	GPSD,P=41.485882 -71.524841
    	Connection closed.
  3. Launch Kismet with the -g (GPS) switch, and specify the hostname and port that GPSd is listening on:

    	$ sudo kismet -g localhost:2947
  4. Go for a drive. Press Shift-Q when you are done with the drive to terminate Kismet.

When you shut Kismet down, it writes out logfiles. Check the logtemplate setting in kismet.conf to see where it puts its log files; for example:


Kismet writes several logfiles in the logtemplate directory (in the following filenames, I starts at 1 and increments each time you run Kismet on a given day):



Kismet log in semicolon-separated fields, one line per entry. The first entry contains the field names.



Kismet log in a pcap(3) format suitable for loading under Ethereal (http://www.ethereal.com).



Kismet log in a format designed to be read by the gpsmap utility, which is included with the Kismet distribution.



A human-readable dump of the networks that Kismet encountered.



Kismet log in an XML format.

To generate a map, run gpsmap on the .gpslog file. See the gpsmap manpage for all the drawing and mapping options. If you choose to use a downloaded map (the default), you must be online. Figure 1-60 shows a map generated by the following command:

	$ gpsmap -S3 -p /var/log/kismet/Kismet-Feb-16-2004-5.gps

Figure 1-60. Wi-Fi power levels in the Kingston, Rhode Island area

The -S option specifies which map server to use:

	(0=MapBlast;1=Map-Point;2=Terraserver;3=Tiger Census)

If you have trouble with one of these map servers, try another (Tiger is loosely maintained by the Census Bureau and is not up 100% of the time). Use -p to show power levels or -e to simply plot the locations of the hotspots on the map (see the gpsmap manpage for more options).

1.23.1. See Also

  • For even more mapping goodness, check out "Analyze Elevation Profiles for Better Long-Range Wireless Networking" [Hack #94].

Brian Jepson

Bluetooth, Mobile Phones, and GPS

Network Discovery and Monitoring

Wireless Security

Hardware Hacks

Software Hacks

Do-It-Yourself Antennas

Wireless Network Design

Appendix A. Wireless Standards

Appendix B. Wireless Hardware Guide

Wireless Hacks
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
ISBN: 0596101449
EAN: 2147483647
Year: 2004
Pages: 178

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net