KNSGEM is now released!!

Postby streaker69 » Thu Jan 04, 2007 5:33 am

Dutch wrote:I'm not so sure they are spoofed MAC's per se... Check the logs, my SWAG is that the networks in question are AdHoc type nets (or probe's searching for the AdHoc net) and not Infrastructure.
If so, they are operating per the 802.11 specs, wrt the MAC's being random, and thereby able to have the same MAC as another device.

It's one of the reasons I see networks I've detected, suddenly appearing in places I never stumbled. Someone else detects a network, which has the same BSSID during AdHoc operation, that the network detected by me had, and during the next update of the Wigle Map, it has suddenly been teleported from Denmark, to Ohio or Australia..


Dutch


It's WifiWormholes I tell ya.
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
User avatar
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Postby Scruge » Thu Jan 04, 2007 7:03 am

Dutch wrote:I'm not so sure they are spoofed MAC's per se... Check the logs, my SWAG is that the networks in question are AdHoc type nets (or probe's searching for the AdHoc net) and not Infrastructure.
If so, they are operating per the 802.11 specs, wrt the MAC's being random, and thereby able to have the same MAC as another device.

It's one of the reasons I see networks I've detected, suddenly appearing in places I never stumbled. Someone else detects a network, which has the same BSSID during AdHoc operation, that the network detected by me had, and during the next update of the Wigle Map, it has suddenly been teleported from Denmark, to Ohio or Australia..


Dutch


You might be right.

These were recorded in the same NS file on the same day within 35 minutes of each other.
Because knsgem was projecting the center of the nets in areas where no other nets existed, alerted my attention.

I'm not certain how NS handles a change detected in a networks configuration Ad-Hoc verse Infra-Stru. If the net is first seen as Ad-Hoc and later seen during the same drive as Infra-Stru, does NS update to the new config?

I'll have to see how Wigle triangulated the nets, assuming no one has updated them since. They were uploaded Sep 2005.

It looks as though the C-D points are the infamous HPSETUP I find all the time using the same MACs.

Code: Select all
A-B network info
cnetwrk cnetype  cessid     cbssid            cinfo  cchnl cmaxrate  cncoding   cftime            cltime             cbstSig cbstnos   cdatasz ciptype     hd_vendor    ccfile             
    273 Infrastr ME102      00:00:AA:BB:CC:0D na         1       11  na         20050914 20:59:41 20050914 21:33:51      -77     -99        12 na          XEROX CORPOR 20050914153005.ns1 

GPS   #  bssid                     lat         lon      alt     spd     heading  fix signal noise  ccftime                ccfile              prctime           
      2  00:00:AA:BB:CC:0D   29.781180  -95.761292    29.53   26.11    80.31000    8    -91   -96  20050914 21:33:45:95   20050914153005.ns1  20070104 07:27:43
      3  00:00:AA:BB:CC:0D   29.781198  -95.761143    29.53   27.11    81.90000    8    -86   -98  20050914 21:33:46:68   20050914153005.ns1  20070104 07:27:43
      4  00:00:AA:BB:CC:0D   29.781225  -95.760850    29.53   27.61    83.97000    8    -90   -98  20050914 21:33:48:04   20050914153005.ns1  20070104 07:27:43
      5  00:00:AA:BB:CC:0D   29.781233  -95.760703    29.53   27.83    85.84000    8    -77   -93  20050914 21:33:49:81   20050914153005.ns1  20070104 07:27:43
      6  00:00:AA:BB:CC:0D   29.880650  -95.548877    29.53   69.50   178.75000    8    -89   -99  20050914 20:59:50:25   20050914153005.ns1  20070104 07:27:43
      7  00:00:AA:BB:CC:0D   29.880972  -95.548885    29.53   69.24   178.41000    8    -81   -97  20050914 20:59:49:35   20050914153005.ns1  20070104 07:27:43
      8  00:00:AA:BB:CC:0D   29.881292  -95.548895    29.53   68.92   178.16000    8    -81   -97  20050914 20:59:48:40   20050914153005.ns1  20070104 07:27:43
      9  00:00:AA:BB:CC:0D   29.881612  -95.548907    29.53   68.67   178.17000    8    -86   -97  20050914 20:59:47:54   20050914153005.ns1  20070104 07:27:43
     10  00:00:AA:BB:CC:0D   29.881930  -95.548915    29.53   68.44   178.72000    8    -84   -95  20050914 20:59:46:93   20050914153005.ns1  20070104 07:27:43
     11  00:00:AA:BB:CC:0D   29.882248  -95.548923    29.53   68.32   179.08000    8    -85   -98  20050914 20:59:45:59   20050914153005.ns1  20070104 07:27:43
     12  00:00:AA:BB:CC:0D   29.882567  -95.548927    29.53   68.70   179.39000    8    -90   -98  20050914 20:59:44:71   20050914153005.ns1  20070104 07:27:43
     13  00:00:AA:BB:CC:0D   29.883533  -95.548935    29.53   69.75   179.06000    8    -91   -96  20050914 20:59:41:39   20050914153005.ns1  20070104 07:27:43



C-D network info
cnetwrk cnetype  cessid     cbssid            cinfo  cchnl cmaxrate  cncoding   cftime            cltime             cbstSig cbstnos   cdatasz ciptype     hd_vendor    ccfile             
    295 Ad-Hoc   hpsetup    02:50:44:13:0A:20 na         6       11  na         20050914 21:01:12 20050914 21:10:12      -82     -99        12 na          na           20050914153005.ns1 

GPS   #  bssid                     lat         lon      alt     spd     heading  fix signal noise  ccftime                ccfile              prctime           
  17592  02:50:44:13:0A:20   29.784592  -95.598982    29.53   48.36   270.17000    8    -86   -97  20050914 21:10:03:02   20050914153005.ns1  20070104 07:27:43
  17593  02:50:44:13:0A:20   29.784593  -95.599242    29.53   48.99   270.23000    8    -91   -97  20050914 21:10:03:75   20050914153005.ns1  20070104 07:27:43
  17594  02:50:44:13:0A:20   29.784595  -95.599773    29.53   50.22   270.32000    8    -82   -96  20050914 21:10:05:93   20050914153005.ns1  20070104 07:27:43
  17595  02:50:44:13:0A:20   29.784595  -95.599505    29.53   49.63   270.27000    8    -92   -95  20050914 21:10:04:95   20050914153005.ns1  20070104 07:27:43
  17596  02:50:44:13:0A:20   29.784597  -95.600042    29.53   50.34   270.39000    8    -88   -96  20050914 21:10:06:54   20050914153005.ns1  20070104 07:27:43
  17597  02:50:44:13:0A:20   29.784598  -95.600310    29.53   50.01   270.35000    8    -84   -98  20050914 21:10:07:61   20050914153005.ns1  20070104 07:27:43
  17598  02:50:44:13:0A:20   29.784602  -95.601097    29.53   48.53   270.05000    8    -90   -97  20050914 21:10:10:42   20050914153005.ns1  20070104 07:27:43
  17599  02:50:44:13:0A:20   29.784602  -95.600837    29.53   49.04   270.08000    8    -93   -96  20050914 21:10:10:03   20050914153005.ns1  20070104 07:27:43
  17600  02:50:44:13:0A:20   29.784602  -95.600575    29.53   49.51   270.26000    8    -87   -98  20050914 21:10:08:20   20050914153005.ns1  20070104 07:27:43
  17601  02:50:44:13:0A:20   29.862883  -95.563907    29.53   57.47   179.27000    8    -88   -97  20050914 21:01:17:07   20050914153005.ns1  20070104 07:27:43
  17602  02:50:44:13:0A:20   29.863147  -95.563913    29.53   56.40   179.37000    8    -92   -99  20050914 21:01:15:72   20050914153005.ns1  20070104 07:27:43
  17603  02:50:44:13:0A:20   29.863658  -95.563923    29.53   54.70   179.54000    8    -92   -96  20050914 21:01:12:83   20050914153005.ns1  20070104 07:27:43
User avatar
Scruge
 
Posts: 1399
Joined: Wed Jan 26, 2005 3:29 pm

Postby Scruge » Thu Jan 04, 2007 9:09 am

Scruge wrote:I'll have to see how Wigle triangulated the nets, assuming no one has updated them since. They were uploaded Sep 2005.



followup...

I checked Wigle using the query interface and it reported the mac "00:00:AA:BB:CC:0D" network with coordinates somewhere in the Nevada/Cal desert using a SSID of "DORA". However I was never able to get Wigle to display an AP marker on the map.
User avatar
Scruge
 
Posts: 1399
Joined: Wed Jan 26, 2005 3:29 pm

Postby Thorn » Thu Jan 04, 2007 10:51 am

Scruge wrote:followup...

I checked Wigle using the query interface and it reported the mac "00:00:AA:BB:CC:0D" network with coordinates somewhere in the Nevada/Cal desert using a SSID of "DORA". However I was never able to get Wigle to display an AP marker on the map.

You need Ultra/Magic clearance for that. [color="White"]<subliminal> Area 51 </subliminal>[/color]

Mr. J :cool: and Mr. K :cool: will be knocking on your door any moment now.
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby beakmyn » Thu Jan 04, 2007 11:40 am

Thorn wrote:You need Ultra/Magic clearance for that. [color="White"]<subliminal> Area 51 </subliminal>[/color]

Mr. J :cool: and Mr. K :cool: will be knocking on your door any moment now.


I flew in there once, took Janet Airways.
beakmyn
 
Posts: 4858
Joined: Sun Aug 03, 2003 1:53 pm

Postby Airstreamer » Thu Jan 04, 2007 12:24 pm

beakmyn wrote:I flew in there once, took Janet Airways.

Was that the one with all the stews that looked like the disonorable J. Reno?:)
"But when we disarmed They sold us and delivered us bound to our foe,
And the Gods of the Copybook Headings said: "Stick to the Devil you know.""

- Rudyard Kipling
User avatar
Airstreamer
 
Posts: 2703
Joined: Sun Nov 07, 2004 9:26 pm
Location: A little North of Reason

Postby Scruge » Thu Jan 04, 2007 12:30 pm

Things fell into place much faster than I expected.

So here it is [color="Red"]KNSGEM 2 beta[/color].

Signal Plots have been added.
One word of caution, they can be huge. Make sure your Google Earth is up to date.
I've tested up to 200k placemarks in a single GE file.

Other highlights ...
1. There's more user options available in the knsgem.cfg file, make sure to check them out.
2. A few of the knsgem files have been renamed, "D" are now "AP", and R are now "H"ull.
3. You might notice that some AP labels appear in RED. This is a flag that the actual coverage radius exceeded the Maxrad set in the knsgem.cfg file. Use the Signal Plot to investigate. I found some pretty interesting things that I'll post later.
4. You can now adjust the height of 3D objects and the scale for AP icons and Signal Icons which are new in this version.
5. With the addition of Signal Plots you can set the limits on 4 user definable signal classes. You may need to adjust to suit your equipment requirements.

Special Note.
The Signal Plots (SP) files when loaded have their own SP marker icons that will over-lay the AP icons. So if it appears that you can't turn off the AP or SP icons its probably because both sets are on at the same time.

Tip on using GE.
I get a lot of people asking if there's a way to break down the Knsgem KML and extract just specific info, the answer is YES.
Once you've loaded all the knsgem files into GE, create a new folder. Then simply right click on the knsgem data your are interested in working with, and then click copy. Next, right click on the new folder and click paste. Once you've copied and pasted all the data you need to the new folder in GE you can now delete the knsgem folders in GE. Now right click your new folder and then click SaveAs giving it a name and then click OK. Your specific data is now contained in the new folder and there's no need to load all the knsgem data the next time you want to review

Have fun!:)
User avatar
Scruge
 
Posts: 1399
Joined: Wed Jan 26, 2005 3:29 pm

Postby Scruge » Sat Jan 06, 2007 11:44 am

I wanted to test how well the 3D plots overlaid the Signal Plots. So I did a little test on a cheapy AP I purchased to handle my wireless IP security cameras. The NS log was taken over a 3-4 day period using a standard USB dongle with toothpick antenna. The survey resulted in over 700 signal readings.
You might notice there is a GPS shift of 15 or so feet to the SW that took place on one of those days.
I was really surprised to discover how far the little POS broadcast it's signal, considering there's a lot of trees.
http://www.rjpi.com/misc/corel023.jpg

btw.. I forgot to mention you'll find a number at the end of each AP's SP folder name. That number represents the total number of signal readings taken for that AP. Once you drill down to the signal placemarks the number represents the signal reading as an absolute value.

Interesting side note..
I've found numerous WISP in my cross country logs. They typically use the same MAC for 5 to 20 miles in areas I've driven. WISP providers here look as though they are using a WiMax backbone which breaks out to WiFi every mile or so. They show up as .5 mile long dashes on 1 mile centers. Normally there is another AP that's being used to fill in the gaps. Just look for another mac in the same series with a large signal data size.
User avatar
Scruge
 
Posts: 1399
Joined: Wed Jan 26, 2005 3:29 pm

Postby Camacho_Daniel » Sun Jan 07, 2007 7:48 pm

I have netStumbler and found all my connections. I wanted to plot them on the Knsgem Software Followed all the instructions and I did not see any plotting of my connections!
Camacho_Daniel
Mini Stumbler
 
Posts: 3
Joined: Sun Jan 07, 2007 7:43 pm

Postby Barry » Sun Jan 07, 2007 8:40 pm

Camacho_Daniel wrote:I have netStumbler and found all my connections. I wanted to plot them on the Knsgem Software Followed all the instructions and I did not see any plotting of my connections!



Which os, gps?
Never do anything you don't want to explain to the paramedics.
User avatar
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Postby Camacho_Daniel » Wed Jan 10, 2007 11:27 pm

I Downloaded Knsgem Program. Scanned My Area And Wanted To Plot Them Onto Google Earth They Did Not Show! Why!
Camacho_Daniel
Mini Stumbler
 
Posts: 3
Joined: Sun Jan 07, 2007 7:43 pm

Postby Camacho_Daniel » Wed Jan 10, 2007 11:34 pm

Barry wrote:Which os, gps?

I have a Signal Seeker antenna [ USB ] & no I don't try to break into peoples Connections , I have 1T High speed Internet In my area not many people have a connection like mine. My area has a population of 800 . I just drove around and used netstumbler just for fun! I now wanted to plot them into google earth so I could show my friends. The Knsgem Program did not plot them onto Google earth
Camacho_Daniel
Mini Stumbler
 
Posts: 3
Joined: Sun Jan 07, 2007 7:43 pm

Postby fregniacciaro » Thu Jan 11, 2007 3:29 am

Camacho_Daniel wrote:I have a Signal Seeker antenna [ USB ] & no I don't try to break into peoples Connections , I have 1T High speed Internet In my area not many people have a connection like mine. My area has a population of 800 . I just drove around and used netstumbler just for fun! I now wanted to plot them into google earth so I could show my friends. The Knsgem Program did not plot them onto Google earth


You didn't answer Barry's question.
When I was your age, television was called books. And this is a special book. It was the book my father used to read to me when I was sick, and I used to read it to your father. And today, I'm gonna read it to you.

Rompipalle della Chiesa del WiFi
SHAMELESS PLUG!

"Are you trying to irritate my colon ? Because if you are, I'll shit all over you in such a way you'll end up in a sanatorium, never to be heard from again."
--Dutch
User avatar
fregniacciaro
 
Posts: 1868
Joined: Mon Jun 03, 2002 4:30 pm
Location: Sq'rat on the loose!! Shoot 'im! (not you G8t)

Postby streaker69 » Thu Jan 11, 2007 5:20 am

Camacho_Daniel wrote:I have a Signal Seeker antenna [ USB ] & no I don't try to break into peoples Connections , I have 1T High speed Internet In my area not many people have a connection like mine. My area has a population of 800 . I just drove around and used netstumbler just for fun! I now wanted to plot them into google earth so I could show my friends. The Knsgem Program did not plot them onto Google earth


Hmm, Most people with a T1 Connection actually know that it's a T1.

BTW, T1's are slow by today's standard.
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
User avatar
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Postby Barry » Thu Jan 11, 2007 8:22 am

streaker69 wrote:Hmm, Most people with a T1 Connection actually know that it's a T1.

BTW, T1's are slow by today's standard.



But in the movie Hackers they were the 133t haxor connection!!!


[color="White"]T1 is soooo last century. [/color]
Never do anything you don't want to explain to the paramedics.
User avatar
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

PreviousNext

Return to Windows

Who is online

Users browsing this forum: No registered users and 4 guests