High-gain Antennae and Wardriving Accuracy Theory.

The gear needed for wardriving

22 posts • Page 1 of 2
While I am new to wardriving, I am not unfamiliar with GPS. I have in the past few days started goofing off with wardriving and warbiking and noticed an inherent problem with high-gain antennae and the accuracy of the placement of the SSID on my mapping software.

Seems to me that, the longer the range of your wireless card's antennae, the less accurate your GPS information will be. If you are able to stumble onto an AP from further away, the corresponding pushpin will not be placed properly on your map. Based on this hypothesis, the poorer your antennae (to a point of course), the more accurate your mapped APs will be.

Any info to the contrary from the vets is welcome.

Postby argh » Sat Nov 12, 2005 2:38 am

EdSpecial, you are exactly correct. this is also tempered somewhat by what stumbling software you use. as i understand it, Netstumbler requires transmitting and forcing the AP to respond. in this sense, more gain = a wider sphere of influence. kismet does not transmit at all (and thus is silent in AP logs).

higher gain antenna will always give you more AP's, but unless you criss-cross the area, your GPS info could easily be off. a directional gain antenna is all just wrong for general wardriving, unless you want to cover a specific direction that you cannot drive very close to. usually a moderate-gain omni is best.

Postby goldfndr » Sat Nov 12, 2005 2:50 am

Just to add a little bit to this...

Yes, this can be "proven" by seeing how many detections are on freeways. Most APs aren't actually "on" freeways.

The positive thing about these long-range scans is that the APs are logged somewhere within a few kilometers or less of actual, rather than nowhere within the 149 million square kilometers of Earth. Later scans will help triangulate to get the AP coordinates closer to actual. They're also good for statistics (e.g. security, SSID popularity, channel popularity, make/model popularity).
> While I am new to wardriving, I am not unfamiliar with GPS. I have in the past few days started goofing off with wardriving and warbiking and noticed an inherent problem with high-gain antennae and the accuracy of the placement of the SSID on my mapping software.
>
> Seems to me that, the longer the range of your wireless card's antennae, the less accurate your GPS information will be. If you are able to stumble onto an AP from further away, the corresponding pushpin will not be placed properly on your map. Based on this hypothesis, the poorer your antennae (to a point of course), the more accurate your mapped APs will be.
>
> Any info to the contrary from the vets is welcome.

No matter how high or how low gain your antenna has, the placement of the detected AP will be imprecise. Try to think it over ;)

The GPS location data, which the software logs, will NEVER be where the AP is located, unless you are standing on top of the AP. It will be where the GPS is located.

The wardriving software you are using will log where you and the GPS are located at the moment you detected (i.e. were in range of) the AP.
If you want to try and pinpoint an AP, you need to take readings of the signal strength at various bearings and positions, and then triangulate the data.

And you would still only get an estimate of the position, due to such factors as free-space loss, multi-path reflections, RX sensitivity, TX transmission power and direction, number of virgin rubber chickens sacrificed at the latest full moon, and the number of times the Wigle Founding Fathers have been exposed to the PokingStick<tm> since the last posted question on how to get a Broadcom chipset-based PCMCIA card to work in RF-MON mode with kismet.

Dutch

> And you would still only get an estimate of the position, due to such factors as free-space loss, multi-path reflections, RX sensitivity, TX transmission power and direction, number of virgin rubber chickens sacrificed at the latest full moon, and the number of times the Wigle Founding Fathers have been exposed to the PokingStick<tm> since the last posted question on how to get a Broadcom chipset-based PCMCIA card to work in RF-MON mode with kismet.
>
> Dutch

And let's not forget DOP on the GPS side. :wink:

> The GPS location data, which the software logs, will NEVER be where the AP is located, unless you are standing on top of the AP. It will be where the GPS is located.

Understood. This being true, it only stands to reason that the closer you are to the AP when you stumble it, the closer to accurate your GPS will be when it logs it. Simply saying that super high-gain crazy antennae allow you to pick up the AP from further away regardless of where the AP is. Further away means that the GPS logs it further away, thus making the info less accurate.

A less efficient antenna would require you to be closer to the AP, thus getting a GPS coordinate that is closer to the AP and therefore being a more accurate representation of the location of the AP. If I use a "cantenna" to pick up a signal from 1000 feet away and place a pushpin on a map that is 1000 feet from the AP, it is going to be impossible for anyone with anything less than a "cantenna" to pick up the AP after me.

Triangulation on ONE AP notwithstanding, it just seems to me that getting a super high-gain antenna defeats the wardriver's purpose besides the benefits already mentioned - i.e. stats.

Thanks for the great replies. :)
> Triangulation on ONE AP notwithstanding, it just seems to me that getting a super high-gain antenna defeats the wardriver's purpose besides the benefits already mentioned - i.e. stats.
>
> Thanks for the great replies. :)

Okay now I have to ask.

What is "the wardriver's purpose"?

Postby EdSpecial » Sat Nov 12, 2005 3:47 pm

Heh...loaded question.

I will answer in the "for me" vein:

Hobby-level information gathering. Not much more than that. Kind of neat to see little pushpins all around town.

The purpose I was speaking of in my post would simply be the gathering of accurate information.

So there. :P

Postby wrzwaldo » Sat Nov 12, 2005 4:49 pm

> Heh...loaded question.
>
> I will answer in the "for me" vein:
>
> Hobby-level information gathering. Not much more than that. Kind of neat to see little pushpins all around town.

Good answer. :wink:

> The purpose I was speaking of in my post would simply be the gathering of accurate information.
>
> So there. :P

So I guess you mean kind of like a site survey?

Postby argh » Sat Nov 12, 2005 8:39 pm

casual RF site surveys can be done with regular wardriving apparatus. more serious work requires better radios, spectrum analyzers and so on. the guys here have a lot of info on this.

also, since most stumbling software scans all 11 (in the USA) channels, you will be constantly *not* logging some signal from a given AP while it's going around on the other 10 channels. if you are warbiking, you are probably generating much more accurate data than driving by it at 80 miles an hour! if you are trying for better accuracy on a given AP, then turn off scanning. in Kismet you can lock it on a specific channel by editing kismet.conf, or hit L while it's scanning to lock it onto a specific channel, H will return it to scan mode. some card/chipsets can accurately scan faster than others. another way to maximize accuracy while scanning is to use two wifi cards. Kismet will intelligently scan using both cards to cover the 11 channels in approximately half the time. you would need to make sure both cards' external antenna are approximately the same amount of gain, and similar pattern. this is probably getting to be "too much stuff" for biking.

this also is fairly apparent when you think about it. if you are driving on a highway scanning 11 channels and you drive by the very fringe of an AP and log one packet, your stumbling software will place that on the highway where you were located. if you are on a bicycle, and drive past the same AP you will log hundreds or thousands of packets from that AP and your GPS information will be much more accurate. Kismet logs signal strength, so if you have a lot of packets and driven all around the AP, Kismet will do a pretty fair job of placing the AP accurately with lots of GPS data. this gets to be a function of the mapping software rather than the wardriving software.

i can drive all around a large block, and place an AP very accurately in the center that i cannot drive very close to at all. the most accurate methods are having lots of data, and data that was gathered from a wide variety of locations. lots of data from a high-gain antenna a quarter mile away probably won't be as good as lots of data that you biked up, down, and all around.
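The contrast described in the post above (a single pass along a distant road versus samples gathered all around the block), as an added example that is not part of the original thread and is not Kismet's or any mapper's actual algorithm. It uses a power-weighted centroid, one common way to place an AP from logged fixes, as you would when locating an unknown AP during a site survey. The coordinates, the path-loss constants and all function names are assumptions made for the illustration.

```python
import math

EARTH_R = 6371000.0  # metres

def dist_m(a, b):
    """Equirectangular distance in metres between (lat, lon) pairs; fine at city scale."""
    (lat1, lon1), (lat2, lon2) = a, b
    x = math.radians(lon2 - lon1) * math.cos(math.radians((lat1 + lat2) / 2))
    return EARTH_R * math.hypot(x, math.radians(lat2 - lat1))

def offset(origin, east_m, north_m):
    """Return the (lat, lon) that lies east_m/north_m metres from origin."""
    lat, lon = origin
    return (lat + math.degrees(north_m / EARTH_R),
            lon + math.degrees(east_m / (EARTH_R * math.cos(math.radians(lat)))))

def rssi_at(d_m, rssi_1m=-40.0, n=3.0):
    """Log-distance path loss; -40 dBm at 1 m and exponent 3 are assumed values."""
    return rssi_1m - 10 * n * math.log10(max(d_m, 1.0))

def estimate_ap(samples):
    """Weighted centroid: each (lat, lon, rssi_dbm) fix is weighted by linear power."""
    weights = [10 ** (rssi / 10.0) for _, _, rssi in samples]
    total = sum(weights)
    lat = sum(w * s[0] for w, s in zip(weights, samples)) / total
    lon = sum(w * s[1] for w, s in zip(weights, samples)) / total
    return lat, lon

def make_pass(ap, track):
    """Constructed log: one fix per (east, north) offset from the AP, in metres."""
    out = []
    for e, n in track:
        p = offset(ap, e, n)
        out.append((p[0], p[1], rssi_at(dist_m(ap, p))))
    return out

AP = (47.6100, -122.3300)  # constructed ground truth, not a real AP
# Straight pass along a road 300 m south of the AP (long-range detections only).
highway = make_pass(AP, [(x, -300) for x in range(-400, 401, 100)])
# Loop around the block, 60 m from the AP on every side.
block = make_pass(AP, [(x, s * 60) for s in (-1, 1) for x in range(-60, 61, 30)]
                  + [(s * 60, y) for s in (-1, 1) for y in range(-30, 31, 30)])

def errors():
    """Placement error in metres for (highway pass, loop around the block)."""
    return dist_m(AP, estimate_ap(highway)), dist_m(AP, estimate_ap(block))

if __name__ == "__main__":
    print("highway error %.1f m, block error %.1f m" % errors())
```

No weighting can move the estimate off the road when every fix lies on the same line; only samples from other sides of the AP do that.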

Postby EdSpecial » Sat Nov 12, 2005 10:24 pm

Informative post, argh.

Another aspect of warbiking is the added dimension it adds to an otherwise average bike ride.

I use my laptop's built-in wireless card and a Delorme Earthmate LT-20. The laptop is in my backpack and the Earthmate dangles out of the top of the pack and rests there.

I had been shopping for add-on cards and external antenna when I noticed the things I put in my original post. I think for the biking, the set-up I have right now is fine -- if not better than fine.

For the car I still might get them...but for now...watch out for the guy with the blinking green light on his back. :D

Postby argh » Sun Nov 13, 2005 1:03 am

if you're familiar with GPS, you know that you only need 3 sats for accurate lat/long, and 4 for elevation (tho elevation data is much less accurate than lat/long). for what you're doing, your gear actually sounds fine. having the GPS on your back gives it a very unobstructed view of the sky. when you move this stuff to the car, suddenly the metal car roof is a big hindrance to both GPS and wifi. you can often get by, by placing the GPS on the dash of the car and still get plenty of satellites. the wifi is another story. you will need an external antenna on the car roof, or you will find *much* less AP's. the higher the frequency, the more critical feedline and connectors become. what is perfectly fine for CB and some ham radio frequencies can be completely unusable for 2.4 ghz wifi stuff.

don't be swayed by 'wardriving kits' on ebay with a USD $9.99 antenna. these are junk, use crap feedline and cheap connectors. they will about equal putting your laptop on top of the car. a GOOD 5.5db omni is very adequate for car use and is unobtrusive, only a few inches tall. the choice of suitable PCMCIA cards with an external connector is another huge discussion that has been well covered many times elsewhere.

EDIT: unless your backpack forces you to put the GPS below the laptop, you should be safe in keeping the GPS in a pocket. as long as your backpack has no metallic fiber, it should be completely transparent for the GPS radio. much better than hearing something skitter into the gutter, and realize that it's your GPS...

Postby KH » Sun Nov 13, 2005 1:01 pm

> Another aspect of warbiking is the added dimension it adds to an otherwise average bike ride.

Yes! I've learned a lot more new small streets in my city since I started actively warbiking there.

> For the car I still might get them...but for now...watch out for the guy with the blinking green light on his back. :D

My wardriving 'rig' also has the blinking green light.

Postby bkoonce » Sun Jan 08, 2006 7:58 pm

If this is a directional antenna, it comes down to how well you use it. If you're pointing a high gain directional antenna in one direction, and you don't see (with your own eyes) an AP in that direction, then obviously your GPS coordinates are not the same as the location of the AP. You can aim the antenna to where you get the strongest signal, then follow that vector until you reach the AP's location.

Because you're supposed to be getting closer to the AP by following that vector, any time the signal strength dips, you need to sweep the antenna around to find the strongest signal again. Repeat this until you find yourself going in circles around the AP. If you can't get right on top of the AP, you can use triangulation to estimate its exact location. You'll need a good compass, at least three points of reference and their coordinates, and a scientific calculator that can do rectangular <--> polar conversions.

Speaking of triangulation, you can stick a plain vanilla omni to the roof of your car, or your bicycle helmet, and methodically go up and down streets in a regular pattern. For example, if you can choose an area, then go up and down all of the north-south streets, then the east-west streets, you will have enough samples to triangulate the location of various APs based on their signal strength at various locations. This only works for APs within the swept area. If you find an interesting AP whose signal is strongest only at the boundary of the area you covered, you'll need to cover more territory in that direction.
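The compass triangulation described in the post above (at least three reference points, a bearing to the strongest signal from each, and polar-to-rectangular conversion), as an added example that is not part of the original thread. It solves for the least-squares crossing point of the bearing lines; the station positions, the compass errors and the function names are constructed for the illustration, and positions are local (east, north) metres.

```python
import math

def bearing_to(src, dst):
    """Compass bearing in degrees, clockwise from north, from src to dst."""
    return math.degrees(math.atan2(dst[0] - src[0], dst[1] - src[1])) % 360.0

def bearing_fix(observations):
    """Least-squares crossing point of bearing lines.

    observations: (east_m, north_m, bearing_deg) per station. Each bearing is
    treated as a full line through the station, so the point returned is the
    one with the smallest summed squared perpendicular distance to all lines.
    """
    a11 = a12 = a22 = b1 = b2 = 0.0
    for x, y, brg in observations:
        t = math.radians(brg)
        nx, ny = math.cos(t), -math.sin(t)   # unit normal to the bearing line
        c = nx * x + ny * y                  # line equation: n . q = c
        a11 += nx * nx
        a12 += nx * ny
        a22 += ny * ny
        b1 += nx * c
        b2 += ny * c
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("bearings are parallel; take a reading from another side")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)

# Constructed survey: three stations around an AP at (120, 80) metres.
AP = (120.0, 80.0)
STATIONS = [(0.0, 0.0), (200.0, 0.0), (100.0, 250.0)]
COMPASS_ERR = [3.0, -2.0, 4.0]   # assumed reading errors in degrees

def survey(errors_deg):
    """Distance in metres between the fix and the true AP for given compass errors."""
    obs = [(x, y, bearing_to((x, y), AP) + e)
           for (x, y), e in zip(STATIONS, errors_deg)]
    fx, fy = bearing_fix(obs)
    return math.hypot(fx - AP[0], fy - AP[1])

if __name__ == "__main__":
    print("perfect compass: %.3f m" % survey([0.0, 0.0, 0.0]))
    print("with reading errors: %.1f m" % survey(COMPASS_ERR))
```

With only two stations the lines always cross at a single point, so the third bearing is what reveals how far the readings disagree.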

Postby mahlerrd » Thu Jul 13, 2006 12:59 pm

While the discussion at hand has been fascinating, it's led me to ask a question a friend and I have been tossing around.

Instead of a single omnidirectional antenna, we were thinking, purely theoretically, of course, that having 4 somewhat directional antennas arranged in a certain pattern would be much better at triangulating accurately even with limited information.

The best configuration would be to have the four pointed to the NW, NE, SW and SE points of the compass relative to the direction of travel. You'd also have to track your direction, as well, but hey, since this is only theory anyway...

(And actually, the best configuration would be to have the 4 directional antenna mounted in an enclosure that could be rotated, then arrange for some gyroscopic or other mechanism to always keep it pointed in the same directions.)

Now, the math would get a whole lot more involved and it'd be specific to a particular setup, but that's only a detail. Once it's set up, it's good to go.

With a rig like that, you'd be able to place APs at approximate distances away from roads without circling it. You'd have a chance at driving down a highway (at like 20 mph, but hey, once again, this is only theoretical... :) and actually having a decent guess as to how far away from the highway the AP is by calculating where the two strongest vectors cross.

Anyone have some thoughts?
