Locating AP's

Configuration and operational information about stumbled AP's

Locating AP's

Post by Guest » Fri Jan 25, 2002 8:29 pm

I was wondering if anyone had any ideas on physically locating AP's within a building. It is for a class that I am taking. We need to find all of the AP's in the building (around 15). What is the best route? Walking around with a directional antenna until you find where the signal peaks?
Guest
 

Locating the physical AP.

Post by Guest » Fri Jan 25, 2002 8:35 pm

Do you have a wiring map? This will cut down on a lot of work. If the cable ain't there, the AP ain't there.

Next, do the antenna thing. However, I bet you'll find that you're going to get a LOT of multipath down the halls!

Tron Of Borg
Guest
 

Unfortunately...

Post by Guest » Fri Jan 25, 2002 8:45 pm

The whole purpose of the project is to find the AP's without knowing where they are, such as finding rogue AP's put in without consent. Also the problem is that most of the AP's don't broadcast their SSIDs, so would netstumbler not work? Would we need to use a prog like airsnort or prismstumbler? We were also thinking about using some sort of audible signal, much like a metal detector, to tell us when we are getting close. Can this be driven from netstumbler or similar software?
Guest
 

Channels.

Post by Guest » Fri Jan 25, 2002 8:47 pm

Also I believe they are running on channels 1, 6 and 11, so hopefully if the channels are spread out, this should cut down on cross interference.
Guest
 

Post by Guest » Fri Jan 25, 2002 9:21 pm

If their not broadcasting the SSID, then NS show them. Here's what I'd try:

Using an Orinoco card, Orinoco site survey software and a directional antenna (impress your classmates, build a Pringles), scan the channels and swing the antenna through 360 degrees on each floor, or each section of the building.

Try to be as centrally located as possible. Be mindful of major signal blocks, or anything that will "shape" the direction of the signal. The Orinoco software will show the signal strength. Plot the major signal directions on a building blueprint. Once you've got that plot, try to track down each one by moving along that path; move some, stop and get a bearing, move, stop, move, stop... Pretty soon, you start finding them. How far you move is dependent on the size of the building, signal strength, etc.

If you lose a signal, try going back to the last reading point. Remember too, that signals tend to be low directly under and over the transmitting antenna. So if it drops off suddenly, look up (down)!

Good luck, and let us know how you do in class. We want to know if we get an A on your homework. :-)

Cheers,
Thorn
Guest
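
The bearing plot described in the post above can also be worked numerically. This is an added example, not part of the original thread: it finds the least-squares crossing point of the peak-signal bearings taken at each stop and rejects a bearing that misses the fix badly, as a reflection down a hallway would. The floor-plan coordinates, bearings, tolerance and function names are all constructed for illustration.

```python
import math

# Constructed survey stops on a floor plan, in metres: (x, y, bearing_deg).
# Bearing is the compass direction of peak signal (0 = +y "north", 90 = +x).
# The last stop is a constructed multipath reading (a reflection down a hall).
STOPS = [(0, 0, 45), (40, 0, 315), (20, 50, 180), (0, 40, 90)]

def _normal(x, y, brg):
    """Unit normal n and offset c of the bearing line, so n.q == c on the line."""
    t = math.radians(brg)
    nx, ny = math.cos(t), -math.sin(t)
    return nx, ny, nx * x + ny * y

def fix(stops):
    """Least-squares crossing point of all bearing lines."""
    a11 = a12 = a22 = b1 = b2 = 0.0
    for s in stops:
        nx, ny, c = _normal(*s)
        a11 += nx * nx; a12 += nx * ny; a22 += ny * ny
        b1 += nx * c; b2 += ny * c
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("bearings are parallel; take one from another spot")
    return (b1 * a22 - b2 * a12) / det, (a11 * b2 - a12 * b1) / det

def miss(stop, q):
    """Distance in metres by which the bearing line from `stop` misses q."""
    nx, ny, c = _normal(*stop)
    return abs(nx * q[0] + ny * q[1] - c)

def robust_fix(stops, tol_m=5.0):
    """Drop the worst-fitting bearing while it misses by more than tol_m."""
    kept, dropped = list(stops), []
    while True:
        q = fix(kept)
        worst = max(kept, key=lambda s: miss(s, q))
        if miss(worst, q) <= tol_m or len(kept) <= 2:
            return q, dropped
        kept.remove(worst)
        dropped.append(worst)

if __name__ == "__main__":
    q, dropped = robust_fix(STOPS)
    print("estimated AP position: (%.1f, %.1f) m" % q)
    print("bearings rejected as likely multipath:", dropped)
```

A rejected bearing is a prompt to re-take that reading from a different spot, not proof that the reading was wrong.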
 

Post by Guest » Fri Jan 25, 2002 9:24 pm

That first line should say:

If they're not broadcasting the SSID, then NS will _not_ show them.

- I'm getting tired. Off to bed.
Thorn
Guest
 

Thanks

Post by Guest » Fri Jan 25, 2002 10:04 pm

Actually the Pringles can idea is the one suggested by the advisor. It is a group project, so thank god I am not on my own. I will tell them about your idea using the Orinoco card and software. One of the other guys has an Orinoco, our advisor suggested using prismstumbler, which requires a new card, thank god for budgets. We are only in the early stages, so we are looking at all options. The one thing is that the system we end up using should be easily repeated by an entry level tech, or even HS tech. So we have to dumb it down some.
Guest
 

Post by Guest » Sat Jan 26, 2002 9:42 am

If you already have (or your classmate has) an Orinoco card, then you've got the software. The card is the major cost. Building two Pringles units cost me less than $10. The biggest other expense is the pigtail adapter. Anywhere from $20 to $80. You might want to contact this guy:
http://www.personaltelco.net/index.cgi/MichaelCodanti

He sells them for about $20 each. $4.50 shipping will cover several pigtails.

Good luck, sounds like a fun project! And I meant it about hearing how this turns out; let us know.

Cheers,
Thorn
Guest
 

What's the scope?

Post by Guest » Sat Jan 26, 2002 10:38 am

Hi,
Do you have to work exclusively on the wireless side of the network?

Is there anything to stop you from working on the 'wired' side of the network to locate the APs?

If there isn't then I'll post some ideas on looking for these devices on the wired side ;-).

--Bovine
Guest
 

Wired side info

Post by Guest » Sat Jan 26, 2002 11:56 am

Bovine,
Why don't you post it anyways. I know I'd be interested in seeing it, and I'm sure others would be as well. From the sys admin/internal security point of view, locating from the wired side would probably be preferable. Personally, I use Network View as a starting point. It shows a nice graphical layout of the network, and you can look for addresses that you might not know about otherwise. From there you start looking further.

As far as the scope of the class project goes, it looks like bigdaddyhen and his classmates are supposed to locate using the RF side. At least that was what I understood from his posts. Almost like a Ham Foxhunt.

Cheers,
Thorn
Guest
 

Post by Guest » Sat Jan 26, 2002 12:03 pm

bigdaddyhen,

One further thought about all this... It might be interesting to post the results on a webpage someplace, along with some pictures of the class out "hunting." Assuming that the school, instructor, etc. would allow it.

And keep this quote in mind as you're tracking down those APs:

"Be vewy, vewy quiet. We're hunting wabbits." - E. Fudd

Cheers,
Thorn
Guest
 

webpage

Post by Guest » Sat Jan 26, 2002 12:26 pm

I will find out and see if anyone has a digital camera that we could use. I have a page that I could put some pictures and screen shots on once we get done if people are interested.
Guest
 

wired side

Post by Guest » Sat Jan 26, 2002 12:28 pm

Bovine, one thing we have working to our advantage is that we have a good idea that most will be in wiring closets, which we can easily find out the location of. The hard part will be finding rogue AP's if there are any, or ones that may be hidden. Again thanks for everyone's help.
Guest
 

Post by Guest » Sat Jan 26, 2002 6:50 pm

Hey

What class are you doing this for? and what building are you doing this in? Just curious, I go to the U of MN...

-joe
Guest
 

how about nai sniffer?

Post by Guest » Sat Jan 26, 2002 7:48 pm

You have the channels, you can get the NAI Sniffer software (search the forum)..you should be able to get the IP or at least the MAC of the AP's that way.

How about being really creative?

Contact the netadmin and TELL HIM/HER you are doing a security analysis for a class, and you'd like their permission to do a network scan, etc. (of course signing an NDA). You'd be surprised just how far you can get when you go in the front door........then when you get the report ready, make your prof sign the NDA, and pass along the results.
Guest
 
