1 / 49

Know Your Bounds: Mapping Your Wireless Network Using Satellite Imagery

Know Your Bounds: Mapping Your Wireless Network Using Satellite Imagery. Session # 6 Tuesday, Sept. 10, 3:30-5:00PM Tony Bautts - BerkeleyWireless.net David Zendzian - DMZ Services. Key Points. 802.11b – The Radio Station Wireless detection schemes Perceptions of overall range

fryp
Download Presentation

Know Your Bounds: Mapping Your Wireless Network Using Satellite Imagery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Know Your Bounds: Mapping Your Wireless Network Using Satellite Imagery Session # 6 Tuesday, Sept. 10, 3:30-5:00PM Tony Bautts - BerkeleyWireless.net David Zendzian - DMZ Services

  2. Key Points • 802.11b – The Radio Station • Wireless detection schemes • Perceptions of overall range • Current mapping methods • Why should you care about range? • Description of new technique • Demonstration

  3. 802.11b – A Primer • Runs on the 2.4Ghz frequency • Spread spectrum - history, frequency hopping • Signal travels through many materials

  4. 802.11b - Breakdown 1.4-2.7 Gigahertz frequency range

  5. 802.11 – A Primer cont’d • Close to the AP its fast • Can travel long distances • Even at greater distance the slower 1MB is still fast enough for most apps

  6. 802.11b – The Protocol • 802.11b communication process • Associate / Disassociate requests • Netstumbler and other wireless scanners look for 802.11 management frames

  7. Signal For All • Your wireless network signal is being broadcast for all to see • This is good for your employees and your investment, but bad for your security

  8. The Signal Travels… • 802.11b signal can travel much farther than manufacturer estimates • Intercepting signal from building to building is not uncommon • ‘Yagi’ antennas make intercepting far away signals possible

  9. Varied Results – Deployment Issues • Access points next to windows are much more accessible • Concrete, steel and water interfere with signal • Some glass can interrupt signal

  10. Why Map? • Aerial visualization helps when troubleshooting wireless deployments • Graphical signal representations are useful to everyone, not just ‘techies’ • Knowing where your signal is actually traveling gives security staff an edge

  11. Current Mapping Methods • Current mapping methods center around “hotspots” • Hotspots are basically just points at which a signal was detected • Not very accurate since they don’t take into account signal strength • Inconsistent results since visibility can vary from day to day

  12. Wireless Map by Peter Shipley

  13. Signal Strength mapping • There are many different methods, some better than others • Basic strength mapping can be done with most client manager software, like Orinoco Client manager • More advanced mapping can be done with other tools like NetStumbler or AiroPeek

  14. Client Manager Screenshot

  15. Mapping with Client Managers • Rudimentary, but effective • Doesn’t generally allow saving of data • Doesn’t generally support GPS

  16. Netstumbler Screenshot

  17. Mapping with NetStumbler • Allows the saving and exporting of collected data into multiple formats • Supports GPS and will store GPS data with other stats • Supports MIDI for AP location

  18. Airopeek screenshot

  19. Mapping with Airopeek • Airopeek lists signal strength per packet as a percentage • Data can be exported in many formats • GPS isn’t supported • Co$tly

  20. Kismet Screenshot

  21. Mapping with Kismet • Comes with own gpsmap program • Does signal strength guessing and interpolation • Not so accurate

  22. Mapping with KismetWireless • Kismet is a Linux wireless tool • It’s free • Captures all packets received • Supports GPS and mapping • Logging is flexible and configurable • Installation can be difficult • Requires driver and kernel patches

  23. University of Kansas GIS Based WLAN Map Project

  24. GIS Mapping methods • Some map makers are using GIS programs. (ArcView, Grass) • Incredibly difficult • Requires strong knowledge of GIS and geographic mapping techniques • Overlay generally done manually

  25. carte.pl • Netstumbler output required • GPS is a must • Tool runs on Linux and Win2k • Utilizes internet connection to grab the satellite image

  26. Application requirements • Perl • Image::Magick • Image::Grab • Web connection

  27. Usage Overview • Data collection using NetStumbler • Data exported as text • carte.pl • Parse exported data • Process data setting variables, etc • Grab satellite image from Internet • Generate simple ‘circle’ & IDW overlay images • Graphical output is overlaid on satellite image

  28. Data Collection using NetStumbler • Connect GPS device to PC • Launch NetStumbler • Begin collecting data by moving around your signal area, until signal weakens • Try to find the limits of the signal in all directions – Need at least 6 good readings from different (~50 meters) locations

  29. Exporting Data in NetStumbler

  30. NetStumbler Output

  31. Carte.pl options -i <scanfile>: input file from netstumbler text output (required) -p <datapath>: where to store datafiles, default /tmp/ -y <opacity> : Set the opacity of the overlay image Def: 60 -t Do not download terraserver map -o: create Overlay image: <datapath>/<mac>-overlay.png | SNR overlay image: <datapath>/<mac>.png -s: create acme/terraserver map with signal 'dots': <datapath>/<mac>-overlay-simple.png -m: Do not merge overlay with terramap -d: debug -h: this page

  32. Carte – Parsing the data • Tool calculates central position of each access point • Based on central position, grabs satellite image from www.acme.com/mapper/

  33. ##################################################### ####### Finding Max & Min | 00-40-96-44-93-03 ##################################################### coord# | lat_1 | lat | long_1| long 1 | N | 37.7054167 | W | -121.9224567 2 | N | 37.7054150 | W | -121.9224567 3 | N | 37.7054150 | W | -121.9224567 4 | N | 37.7054133 | W | -121.922455 5 | N | 37.7054133 | W | -121.922455 6 | N | 37.7054133 | W | -121.922455 7 | N | 37.7054117 | W | -121.9224533 maplat=37.7040425 | maplong=-121.92289415 | max_lat=37.7057400 | min_lat=37.7023450 | max_long=-121.9224533 | min_long=-121.923335 data range: 37.7023450,-121.923335-37.7057400,-121.9224533

  34. ############################################## ####### Getting acme/terraserver map for | 00-40-96-44-93-03 ############################################## URL | http://www.acme.com/mapper/save.cgi?lat=37.7040425&long=-121.92289415&scale=10&theme=Image&width=3&height=3&dot=No Filename | output/00-40-96-44-93-03-terramap.png

  35. Carte - Processing the data • Calculates signal strength per lat/long reading • If there are multiple SNR readings at a single point, it uses only the strongest • Generates overlay showing only dots to indicate reading position and signal strength

  36. Only map the strongest signal ##################################################### ####### Creating Overlay Image | 00-40-96-44-93-03 ##################################################### 1 | N | 37.7054167 | W | -121.9224567 2 | N | 37.7054150 | W | -121.9224567 3 | N | 37.7054150 | W | -121.9224567 4 | N | 37.7054133 | W | -121.922455 5 | N | 37.7054133 | W | -121.922455 6 | N | 37.7054133 | W | -121.922455 7 | N | 37.7054117 | W | -121.9224533 8 | N | 37.7054083 | W | -121.9224533 9 | N | 37.7054083 | W | -121.9224533 10 | N | 37.7054967 | W | -121.92247

  37. Convert signal location to map x,y min=37.7023450 | min_long=-121.923335 | | max_lat=37.7057400 | max_long=-121.9224533 data range: 37.7023450,-121.923335-37.7057400,-121.9224533 original width * 3=0.00264509999998097, height * 3=0.0101849999999928 adjusted width=0.0101849999999928, height=0.0101849999999928 middle_lat=37.7040425, middle_long=-121.92289415 one pixel is 1.6974999999988e-05 degrees of longitude. xy=324,214 | 8 xy=325,219 | 24 xy=287,400 | 0 xy=325,219 | 21 xy=291,218 | 12 xy=274,200 | 14

  38. Create ‘circle’ overlay ######################################################### ####### Creating Simple Image | 00-40-96-44-93-03 ######################################################### Draw( fill=>red, stroke=>red, strokewidth=>1, primitive => 'circle', points => 324,214 329,214 Draw( fill=>green, stroke=>green, strokewidth=>1, primitive => 'circle', points => 325,219 345,219 Draw( fill=>red, stroke=>red, strokewidth=>1, primitive => 'circle', points => 287,400 292,400 Draw( fill=>green, stroke=>green, strokewidth=>1, primitive => 'circle', points => 325,219 345,219 Draw( fill=>red, stroke=>red, strokewidth=>1, primitive => 'circle', points => 291,218 296,218 Draw( fill=>yellow, stroke=>yellow, strokewidth=>1, primitive => 'circle', points => 274,200 286,200

  39. Overlay Image

  40. Overlay On Satellite

  41. Carte - Creating the IDW overlay • Uses Inverse Distance Weighted (IDW) algorithm to generate signal strength overlay • Accuracy based on number of data points collected

  42. Calculate weights for overlay image ################################################# ####### Done Creating Simple Image | 00-40-96-44-93-03 ################################################# for 0, 0, weight=0.0554937521561633, minweight=0.0554937521561633 for 1, 1, weight=0.0559136672229048, minweight=0.0215136506150052 for 2, 2, weight=0.0563383386355446, minweight=0.0215136506150052 for 3, 3, weight=0.0567678380916948, minweight=0.0215136506150052 for 4, 4, weight=0.0572022386385329, minweight=0.0215136506150052 for 5, 5, weight=0.0576416147010413, minweight=0.0215136506150052

  43. Create Overlay Image Generating overlay image: x=0,y=0 | colorstring = #ffffff x=1,y=1 | colorstring = #ffffff x=2,y=2 | colorstring = #ffffff x=3,y=3 | colorstring = #ffffff x=4,y=4 | colorstring = #ffffff … x=287,y=287 | colorstring = #ac9877 x=288,y=288 | colorstring = #ac9877 x=289,y=289 | colorstring = #ac9877 x=290,y=290 | colorstring = #ac9877 …

  44. Overlay Image

  45. Overlay Merged

  46. Summary • 802.11b networks are both convenient and dangerous • Wireless signal mapping is critical • Visual tools aren’t common and similar mapping tools don’t offer the same functionality • Know your wireless bounds, improve your security

  47. Project Websites Updated versions and documentation can be found at: • http://www.berkeleywireless.net/carte • http://www.dmzs.com/tools/network/

More Related