WiFi War Driving / Wardriving

WarDriving or War Driving (not sure if it is one word or two) is the act of mapping the location of Wi-Fi access points. The Raspberry Pi makes for an ideal Wardriving device given its portability and light power usage. Configuring the Pi wasn’t too difficult but I couldn’t find any easy automation to upload the collected data to wigle.net or my FTP server. The reality is that I would soon get bored of manually uploading the data and my attention would move on to other things; what is the point in collecting the data if you can’t make use of it? I therefore set out to create a fully automated system, which can live in the car and automatically uploads its data when my home Wi-Fi network is in range. It is working beautifully and without trying, within a week I have already discovered over 15,000 Wi-Fi networks that were previously unmapped by wigle.net. Check out my badge of honour below:


Equipment


  • Wi-Fi Adapter: Alfa AWUS051NH v2. 802.11agbn Dual band 2.4Ghz / 5Ghz USB. £28 (Amazon)
  • Magnetic mount: Enables the Wi-Fi antenna to be positioned on the car roof for better coverage. £3.75 (eBay)
  • GPS Receiver: GlobalSat BU-353-S4. Has a magnetic base so can be positioned on the car roof for better reception. £36 (eBay)

Compatible Wi-Fi adapters

Not all Wi-Fi adapters are capable of entering the ‘monitor’ mode required for War Driving. It is the chipset that the Wi-Fi adapter uses that determines its capabilities. The following chipsets are known to work:

  • Ralink RT3070
  • Ralink RT3572
  • Atheros AR9271

You can check which chipset your Wi-Fi dongle uses with the ‘lsusb’ command. Here you can see I have two compatible Wi-Fi adapters plugged in; their chipsets (AR9271 and RT3572) appear at the end of the first two lines:

lsusb

pi@raspberrypi:~ $ lsusb
Bus 001 Device 005: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
Bus 001 Device 004: ID 148f:3572 Ralink Technology, Corp. RT3572 Wireless Adapter
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
pi@raspberrypi:~ $

Use 2 Wi-Fi adapters

I strongly suggest you use two Wi-Fi dongles, one for scanning and the other to connect to your home/office/public network to upload your results. This way you can continue scanning whilst you are uploading and it also allows you to easily administer the Pi. If you are using a Raspberry Pi 3 then I suggest you use the integrated Wi-Fi adapter to connect to your home network, and you purchase an external USB dongle to perform the scanning. This also provides the opportunity to purchase a dual band dongle (2.4Ghz and 5Ghz) which can use an external antenna – something that isn’t possible with the integrated Wi-Fi as there is no antenna connector and no 5Ghz support. Nor is the internal Wi-Fi interface on the Raspberry Pi 3 capable of entering ‘monitor’ mode, so it cannot be used for scanning.

Step 1 – Create yourself a Wigle account

  • Visit wigle.net and create yourself an account so when you upload your data you receive credit for it and can see your results on their map.
  • Join the Pi-Resource group – Wigle users can join groups which also receive credit for your uploads. Please help the pi-resource group become a popular and high contributing group. Once you’ve logged into Wigle, go to ‘Stats’ -> ‘Group’ -> scroll down to find www.pi-resource.com and click ‘Join’.

Step 2 – Update your Pi

      Ensure that your operating system is up to date. See my Updating Raspbian guide.

Step 3 – Configure Wi-Fi interface to be used to connect to your home network

      For more detail on configuring Wi-Fi devices check out my guide on Configuring Wi-Fi.

      1. If using a Raspberry Pi 3 then DO NOT connect your external Wi-Fi dongle yet. If using the Raspberry Pi 2, then only connect the Wi-Fi adapter you’ll use to connect to your home network.
      2. Find the MAC address and the name assigned to the Wi-Fi interface. In this example the name is ‘wlan0’ and the MAC address is 18:d6:c7:1d:7a:75
      3. ifconfig

        pi@raspberrypi:~ $ ifconfig
        eth0      Link encap:Ethernet  HWaddr b8:27:eb:26:f7:a4
                  inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
                  inet6 addr: fe80::ac3d:1fad:b08f:638/64 Scope:Link
                  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                  RX packets:132 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:20457 (19.9 KiB)  TX bytes:13536 (13.2 KiB)

        lo       Link encap:Local Loopback
                  inet addr:127.0.0.1  Mask:255.0.0.0
                  inet6 addr: ::1/128 Scope:Host
                  UP LOOPBACK RUNNING  MTU:65536  Metric:1
                  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1
                  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

        wlan0     Link encap:Ethernet  HWaddr 18:d6:c7:1d:7a:75
                  inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0
                  inet6 addr: fe80::bc97:f8cd:1ef0:b73c/64 Scope:Link
                  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                  RX packets:139 errors:0 dropped:1 overruns:0 frame:0
                  TX packets:39 errors:0 dropped:2 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:33900 (33.1 KiB)  TX bytes:6614 (6.4 KiB)

        pi@raspberrypi:~ $

      4. Configure the network interface to always be assigned ‘wlan0’. Add the following line to the /etc/udev/rules.d/70-persistent-net.rules file (if it doesn’t exist then create it). Substitute the MAC address in the rule (18:d6:c7:1d:7a:75 here) for the MAC address of your adapter. The rule must be one single line, with no carriage returns or line breaks.
        sudo nano /etc/udev/rules.d/70-persistent-net.rules

        SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="18:d6:c7:1d:7a:75", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan0"

      5. Configure the network interface to connect to your home network by editing the file /etc/wpa_supplicant/wpa_supplicant.conf

        sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

        Append the required lines so the file looks something like this, obviously substituting the SSID and password for your home network’s details:

        country=GB
        ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
        update_config=1

        network={
             ssid="HomeWiFi"
             psk="WiFiPassword"
        }

      6. Reboot and check that the interface is called ‘wlan0’ and has successfully connected to your home Wi-Fi network
      7. sudo shutdown -r now
        iwconfig

        pi@raspberrypi:~ $ iwconfig
        eth0      no wireless extensions.

        wlan0     IEEE 802.11  ESSID:"HomeWiFi"
                  Mode:Managed  Frequency:2.412 GHz  Access Point: 00:1D:AA:80:5F:80
                  Bit Rate=65 Mb/s   Tx-Power=31 dBm
                  Retry short limit:7   RTS thr:off   Fragment thr:off
                  Power Management:on
                  Link Quality=54/70  Signal level=-56 dBm
                  Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
                  Tx excessive retries:25  Invalid misc:0   Missed beacon:0

        lo        no wireless extensions.

        pi@raspberrypi:~ $

Step 4 – Configure Wi-Fi interface to be used for the scanning

        This step is much simpler: all we need to ensure is that this interface is always called ‘wlan9’.

        1. Plug in the Wi-Fi adapter that will be used to perform the scanning
        2. Find the MAC address of this Wi-Fi interface, in this example it is 00:c0:ca:90:7a:98
        3. ifconfig

          pi@raspberrypi:~ $ ifconfig
          eth0      Link encap:Ethernet  HWaddr b8:27:eb:26:f7:a4
                    inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
                    inet6 addr: fe80::ac3d:1fad:b08f:638/64 Scope:Link
                    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                    RX packets:132 errors:0 dropped:0 overruns:0 frame:0
                    TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
                    collisions:0 txqueuelen:1000
                    RX bytes:20457 (19.9 KiB)  TX bytes:13536 (13.2 KiB)

          lo       Link encap:Local Loopback
                    inet addr:127.0.0.1  Mask:255.0.0.0
                    inet6 addr: ::1/128 Scope:Host
                    UP LOOPBACK RUNNING  MTU:65536  Metric:1
                    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                    collisions:0 txqueuelen:1
                    RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

          wlan0     Link encap:Ethernet  HWaddr 18:d6:c7:1d:7a:75
                    inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0
                    inet6 addr: fe80::bc97:f8cd:1ef0:b73c/64 Scope:Link
                    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                    RX packets:139 errors:0 dropped:1 overruns:0 frame:0
                    TX packets:39 errors:0 dropped:2 overruns:0 carrier:0
                    collisions:0 txqueuelen:1000
                    RX bytes:33900 (33.1 KiB)  TX bytes:6614 (6.4 KiB)

          wlan1     Link encap:Ethernet  HWaddr 00:c0:ca:90:7a:98
                    inet addr:192.168.1.17  Bcast:192.168.1.255  Mask:255.255.255.0
                    inet6 addr: fe80::c043:bbb4:ffc5:4461/64 Scope:Link
                    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                    RX packets:376 errors:0 dropped:0 overruns:0 frame:0
                    TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
                    collisions:0 txqueuelen:1000
                    RX bytes:104507 (0.0 KiB)  TX bytes:8756 (0.0 KiB)

          pi@raspberrypi:~ $

        4. Configure the network interface to always be assigned ‘wlan9’.
          sudo nano /etc/udev/rules.d/70-persistent-net.rules

          Add the following line to the /etc/udev/rules.d/70-persistent-net.rules file.

          SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:90:7a:98", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan9"

          Your /etc/udev/rules.d/70-persistent-net.rules file should now look something like this:

          pi@raspberrypi:~ $ more /etc/udev/rules.d/70-persistent-net.rules
          SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="18:d6:c7:1d:7a:75", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan0"
          SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:90:7a:98", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan9"
          pi@raspberrypi:~ $
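
A check for the rules file built in Steps 3 and 4, as an added example that is not part of the original guide: it flags rules that were wrapped onto a second line, carriage returns, curly quotes pasted from a web page, malformed MAC addresses, and a MAC or interface name used twice. It assumes every rule in the file follows the form shown above; the function names and the third sample rule (MAC aa:bb:cc:dd:ee:ff) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): lint a persistent-net rules
# file of the form used in Steps 3 and 4.

# check_net_rules FILE -> one finding per line; status 0 if clean, 1 if not
check_net_rules() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    awk '
    function flag(msg) { print "line " NR ": " msg; bad = 1 }
    BEGIN {
        bad = 0
        h = "[0-9a-f][0-9a-f]"
        macre = "^" h ":" h ":" h ":" h ":" h ":" h "$"
    }
    {
        if (index($0, "\r")) { flag("carriage return (DOS line ending)"); gsub(/\r/, "") }
        if ($0 ~ /^[ \t]*(#|$)/) next          # skip comments and blank lines
        if (index($0, "“") || index($0, "”")) flag("curly quotes; udev needs plain double quotes")

        # Pull out the MAC being matched and the interface name being assigned.
        mac = ""; name = ""
        if (match($0, /ATTR[{]address[}]=="[^"]*"/))
            mac = tolower(substr($0, RSTART + 16, RLENGTH - 17))
        if (match($0, /NAME="[^"]*"/))
            name = substr($0, RSTART + 6, RLENGTH - 7)

        if (mac == "")              flag("no ATTR{address}== match")
        else if (mac !~ macre)      flag("malformed MAC " mac)
        else if (mac in seen_mac)   flag("MAC " mac " already matched on line " seen_mac[mac])
        else                        seen_mac[mac] = NR

        if (name == "")             flag("no NAME= assignment (rule wrapped onto another line?)")
        else if (name in seen_name) flag("NAME " name " already assigned on line " seen_name[name])
        else                        seen_name[name] = NR
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: the two rules from this page, then a third rule
# (constructed MAC) that an editor wrapped onto two lines and that reuses wlan9.
sample_rules() {
    printf '%s\n' \
        'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="18:d6:c7:1d:7a:75", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan0"' \
        'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:90:7a:98", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan9"' \
        'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="aa:bb:cc:dd:ee:ff",' \
        'ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan9"'
}

# Run the check over the constructed sample.
tmp=$(mktemp)
sample_rules > "$tmp"
check_net_rules "$tmp" || true
rm -f "$tmp"
```

On the Pi itself, run it as check_net_rules /etc/udev/rules.d/70-persistent-net.rules before rebooting.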

Step 5 – Configure GPS Receiver

        Follow my GPS guide to configure the USB GPS Receiver

Step 6 – Install Kismet

        Kismet is the clever software that performs the monitoring and tags the data with the GPS locations.

        1. Install its dependencies:
          sudo apt-get install -y libncurses5-dev libpcap-dev libnl-dev

          pi@raspberrypi:~ $ sudo apt-get install -y libncurses5-dev libpcap-dev libnl-dev
          Reading package lists… Done
          Building dependency tree
          Reading state information… Done
          The following extra packages will be installed:
            libnl1 libpcap0.8 libpcap0.8-dev libtinfo-dev
          Suggested packages:
            ncurses-doc libnl-doc

          … 30 Seconds later …

          Setting up libncurses5-dev:armhf (5.9+20140913-1) …
          Setting up libnl-dev (1.1-8) …
          Setting up libpcap0.8-dev (1.6.2-2) …
          Setting up libpcap-dev (1.6.2-2) …
          Processing triggers for libc-bin (2.19-18+deb8u9) …
          pi@raspberrypi:~ $

        2. Change into your home directory:
          cd ~
        3. Download Kismet. (It is worth visiting the Kismet download website to check for the latest version. If a later version has been published, then substitute the version numbers below for the current version.)
          wget http://www.kismetwireless.net/code/kismet-2016-07-R1.tar.xz

          pi@raspberrypi:~ $ wget http://www.kismetwireless.net/code/kismet-2016-07-R1.tar.xz

          --2017-05-17 15:47:26--  http://www.kismetwireless.net/code/kismet-2016-07-R1.tar.xz
          Resolving www.kismetwireless.net (www.kismetwireless.net)… 204.244.237.54
          Connecting to www.kismetwireless.net (www.kismetwireless.net)|204.244.237.54|:80… connected.
          HTTP request sent, awaiting response… 200 OK
          Length: 709364 (693K) [application/x-tar]
          Saving to: kismet-2016-07-R1.tar.xz

          kismet-2016-07-R1.tar.xz            100%[=======================>] 692.74K   298KB/s   in 2.3s

          2017-05-17 15:47:29 (298 KB/s) - kismet-2016-07-R1.tar.xz saved [709364/709364]
          pi@raspberrypi:~ $

        4. Extract the archive and change into the directory it creates
          tar -xvf kismet-2016-07-R1.tar.xz
          cd kismet-2016-07-R1/
        5. Run the following commands in the order below. This will take a while! On a Pi2 B+ they took: 41s, 45s, 26mins & 2s respectively. On a Pi3 B they took: 25s, 33s, 15mins & 1s respectively.
          ./configure
          make dep
          make
          sudo make install
Step 7 – Configure Kismet

          You’ll need to edit the following lines in the /usr/local/etc/kismet.conf file

          sudo nano /usr/local/etc/kismet.conf

          (line numbers are approx and just a guide to help you find the correct line)

          • Line 30 change:

            # ncsource=wlan0

            to

            ncsource=wlan9

          • Line 278 change:

            logtypes=pcapdump,gpsxml,netxml,nettxt,alert

            to

            logtypes=gpsxml,netxml

Step 8 – Test Kismet

          Reboot your Pi

          sudo shutdown -r now

          Run the Kismet Server:

          sudo kismet_server

          You should see an output similar to this; the detected networks are the lines beginning ‘INFO: Detected new’. (Press Ctrl-C to exit)

          pi@raspberrypi:~ $ sudo kismet_server
          ERROR: Kismet was started as root, NOT launching external control binary.
                 This is NOT the preferred method of starting Kismet as Kismet will
                 continue to run as root the entire time.  Please read the README
                 file section about Installation & Security and be sure this is what
                 you want to do.
          INFO: Reading from config file /usr/local/etc/kismet.conf
          INFO: Plugins disabled on the command line, plugins will NOT be loaded…
          INFO: No ‘dronelisten’ config line and no command line drone-listen
                argument given, Kismet drone server will not be enabled.
          INFO: Created alert tracker…
          INFO: Creating device tracker…
          INFO: Registered 80211 PHY as id 0
          INFO: Kismet will spend extra time on channels 1,6,11
          INFO: Kismet will attempt to hop channels at 3 channels per second unless
                overridden by source-specific options
          INFO: No specific sources named on the command line, sources will be read
                from kismet.conf
          INFO: Matched source type ‘rt2800usb’ for auto-type source ‘wlan9’
          INFO: Using hardware channel list 1:3,2,3,4,5,6:3,7,8,9,10,11:3,12,13,36,38
                ,40,44,46,48,52,54,56,60,62,64,100,102,104,108,110,112,116,118,120,12
                4,126,128,132,134,136,140, 41 channels on source wlan9
          INFO: Created source wlan9 with UUID cb94a2cc-3b20-11e7-9dc7-e504c423eb01
          INFO: Will attempt to reopen on source ‘wlan9’ if there are errors
          INFO: Created TCP listener on port 2501
          INFO: Kismet drone framework disabled, drone will not be activated.
          INFO: Inserting basic packet dissectors…
          INFO: Allowing Kismet frontends to view WEP keys
          INFO: Starting GPS components…
          INFO: Enabling reconnection to the GPS device if the link is lost
          INFO: Using GPSD server on localhost:2947
          ERROR: Could not open OUI file ‘/etc/manuf’: No such file or directory
          ERROR: Could not open OUI file ‘/usr/share/wireshark/wireshark/manuf’: No
                 such file or directory
          ERROR: Could not open OUI file ‘/usr/share/wireshark/manuf’: No such file
                 or directory
          ERROR: Could not open OUI file ‘/Applications/Wireshark.app/Contents/Resour
                 ces/share/wireshark/manuf’: No such file or directory
          ERROR: No OUI files were available, will not resolve manufacturer names
                 for MAC addresses
          INFO: Creating network tracker…
          ERROR: Kismet was not compiled with PCRE, cannot use ‘ssidregex’ option in
                 an apspoof filter
          INFO: Creating channel tracker…
          INFO: Registering dumpfiles…
          INFO: Pcap log in PPI format
          INFO: Opened netxml log file ‘Kismet-20170517-16-49-30-1.netxml’
          INFO: Opened gpsxml log file ‘Kismet-20170517-16-49-30-1.gpsxml’
          INFO: Kismet starting to gather packets
          INFO: Started source ‘wlan9’
          INFO: Connected to a JSON-enabled GPSD version 3.11, turning on JSON mode
          INFO: Detected new probe network "SKYBB082", BSSID 88:E8:7F:12:1E:2F,
                encryption no, channel 0, 72.20 mbit
          INFO: Detected new managed network "BTHub5-ZAX8", BSSID 00:3F:B7:39:59:2F,
                encryption yes, channel 6, 144.40 mbit
          INFO: Detected new managed network "BTWifi-with-FON", BSSID 02:3F:B7:37:63:
                2C, encryption no, channel 6, 144.40 mbit
          INFO: Detected new managed network "<Hidden SSID>", BSSID FA:8F:DA:8A:4F:1F
                , encryption no, channel 6, 72.20 mbit
          INFO: Detected new data network "<Unknown>", BSSID C8:3F:0F:DE:DB:34,
                encryption no, channel 0, 0.00 mbit
          ERROR: pcap radiotap converter got corrupted Radiotap header length
          ERROR: pcap radiotap converter got corrupted Radiotap header length
          ERROR: pcap radiotap converter got corrupted Radiotap header length
          ERROR: pcap radiotap converter got corrupted Radiotap header length
          ERROR: pcap radiotap converter got corrupted Radiotap header length
          INFO: Detected new managed network "BTWifi-X", BSSID 22:37:B7:69:63:23,
                encryption no, channel 6, 144.40 mbit
          INFO: Detected new managed network "VM625503-2G", BSSID E4:F6:C5:C4:B7:5F,
                encryption yes, channel 3, 144.40 mbit

          and you should also have two ‘.xml’ files which contain the results:

          pi@raspberrypi:~ $ ls -l
          -rw-r--r--  1 root root    264 May 17 16:45 Kismet-20170517-16-42-12-1.gpsxml
          -rw-r--r--  1 root root 137327 May 17 16:45 Kismet-20170517-16-42-12-1.netxml
          pi@raspberrypi:~ $

Step 9 – Install the pi-resource script to automatically upload the results

          Download the pi-resource wardriving script from GitHub:

          cd ~
          git clone https://github.com/pi-resource/WarDriving.git
          cd ~/WarDriving

          Make the bash file executable:

          chmod ug+x ~/WarDriving/WarDriving.sh

          Create the config file:

          cp ~/WarDriving/WarDriving.cfg.example ~/WarDriving/WarDriving.cfg

          You can now run the script. With its default settings it will pause for 10 seconds to allow for a GPS fix, run Kismet for 1 minute before restarting Kismet (this forces Kismet to write out its log files), and then upload the results to www.wigle.net and www.pi-resource.com as an anonymous user.

          sudo ./WarDriving.sh

          pi@raspberrypi:~ $ git clone https://github.com/pi-resource/WarDriving.git
          Cloning into ‘WarDriving’…
          remote: Counting objects: 31, done.
          remote: Compressing objects: 100% (31/31), done.
          remote: Total 31 (delta 12), reused 0 (delta 0), pack-reused 0
          Unpacking objects: 100% (31/31), done.
          Checking connectivity… done.
          pi@raspberrypi:~ $ cd WarDriving/
          pi@raspberrypi:~/WarDriving $ chmod ug+x WarDriving.sh
          pi@raspberrypi:~/WarDriving $ cp WarDriving.cfg.example WarDriving.cfg
          pi@raspberrypi:~/WarDriving $ sudo WarDriving.sh

          WarDriving by pi-resource
          This bash script automates the collection of WarDriving data and can upload the data to www.wigle.net, www.pi-resource.com and a FTP server if configured to do so.
          It uses Kismet to log WiFi hotspots. After a set amount of time Kismet is restarted which forces Kismet to write its log files.
          Once the Kismet Server has restarted, the war driving files from the previous instance are compressed an attempt made to upload them.
          Any Comments, questions or suggested improvements, please visit http://www.pi-resource.com
          Version: 1.0
          Release date: 2017-05-17

          Configuration
              On start-up, pause for 1 second(s) to allow the GPS to get a fix
              Save and compress logs every 1 minute(s)
              Upload to www.wigle.net YES
                 — Wigle User: Anonymous (Wigle username and password not set)
              Upload to www.pi-resource.com YES
              Upload to a FTP server of your choosing? NO
              Files to be deleted after upload? YES
              Files will be deleted even if not uploaded once used disk space exceeds: 95 %

          Waiting 0 seconds before starting Kismet server to allow the GPS a chance to get a fix
          Checking directory structure: DONE
          Checking if Kismet Server is running: DONE – Kismet Server was not running
          Checking if there are kismet log files to move: DONE – No Log files required moving
          Starting Kismet Server: SUCCESS – Kismet Server Started
          Checking if there are kismet log files that require compression: DONE – No files required compression
          Checking for Internet Connection:  SUCCESS – Internet connection available
          The following files are identified for deletion:
          Checking used disk space: 3%
          Waiting 0 seconds before restarting the cycle

          Kismet exiting.
          DONE – Kismet Server killed
          Checking if there are kismet log files to move: DONE – 2 Log file(s) moved
          Starting Kismet Server: SUCCESS – Kismet Server Started
          Checking if there are kismet log files that require compression: DONE – 2 File(s) compressed
          Checking for Internet Connection:  SUCCESS – Internet connection available
          Uploading to Wigle: YYN.b827ebc0d22c.1495045495.11046.tar.gz SUCCESS
          Uploading file to Pi-Resource:
                NYN.b827ebc0d22c.1495045495.11046.tar.gz SUCCESS
          The following files are identified for deletion:
                NNN.b827ebc0d22c.1495045495.11046.tar.gz DELETED
          Checking used disk space: 3%
          Waiting 53 seconds before restarting the cycle
          pi@raspberrypi:~ $

Step 10 – Configure the pi-resource script

          Lines 27 to 57 of the script contain the configuration settings. To edit the file:

          nano ~/WarDriving/WarDriving.cfg

          You may wish to change the following:

          Line | Default setting | Comment
          7 | timerGps=1 | This is a delay when the script is first run to allow the GPS to get a fix before Kismet is started. Recommend 60 seconds.
          10 | timerRepeat=60 | This is the length of time Kismet is run before being forced to restart and an upload is attempted of all collected data. Optimum value is 300 (which is 5 minutes).
          14 | wigleUpload=1 | Upload to Wigle.net? 0=No, 1=Yes
          15 | wigleUserName= | Enter your Wigle username here, i.e. wigleUserName=ultimateWarDriver89
          16 | wiglePassword= | Enter your Wigle password here, i.e. wiglePassword=superSecretPassword
          19 | piResourceUpload=1 | Upload to pi-resource? 0=No, 1=Yes. Here at pi-resource we are testing some interesting data mining techniques so every bit of data helps. Thanks!
          23 to 28 | ftpUpload=0; ftpHost=; ftpRemoteDirectory=/; ftpUser=; ftpPassword=; ftpConnectTimeout=3 | If you wish to upload your results to your own FTP server, then enter the details here.
          31 | deleteAfterUpload=1 | Once files have been successfully uploaded, delete them from the SD card? 0=No, 1=Yes.
          35 | filesystem=/dev/root | No need to change this unless you have a custom setup, in which case you’ll know what to do here!
          36 | filesystemUsedSpaceLimit=95 | This is the percentage (%) of disk space which can be used before the oldest war driving logs are deleted, i.e. once the SD card is over 95% full, automatically delete the oldest log files. It is suggested to keep at least 5% of disk space free for upgrades and general OS operations.
          52 | upsInstalled=0 | Is an Adafruit UPS (Uninterruptible Power Supply) installed? 0=No, 1=Yes
          53 | upsType=Stack | Adafruit UPS model. Options: Stack, TopEnd, Plus
          54 | upsBatteryType=LP | Adafruit UPS battery type? LP=LiPo, LF=LiFePo4
          55 | upsMaxUploadAttempts=10 | When running on UPS battery power, the number of upload attempts that are made before the Pi is safely shut down.
          56 | upsTimeBetweenUploadAttempts=10 | When running on UPS battery power, the delay in seconds between each upload attempt.
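
An audit of the settings above, as an added example that is not part of the pi-resource script: it reports a WarDriving.cfg that holds wiglePassword or ftpPassword while readable by other accounts on the Pi, and compares a few values with the recommendations in the table. It assumes plain key=value lines and that ftpUpload uses unencrypted FTP; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not part of the pi-resource project: audit a WarDriving.cfg
# using only the keys listed in the table above. Assumes plain key=value lines.

# cfg_get FILE KEY -> last value assigned to KEY, quotes and CRs stripped
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# is_uint VALUE -> true if VALUE is a non-empty string of digits
is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# audit_cfg FILE -> one finding per line; status 0 when clean, 1 otherwise
audit_cfg() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }

    # The passwords sit in this file in clear text, so group/other need no
    # access. Characters 5-10 of the ls mode string are their permission bits.
    perms=$(ls -ld -- "$cfg" | cut -c5-10)
    for key in wiglePassword ftpPassword; do
        if [ -n "$(cfg_get "$cfg" "$key")" ] && [ "$perms" != "------" ]; then
            echo "$key is set and the file is accessible to group/other: chmod 600 $cfg"
            findings=1
        fi
    done

    # Assumption: ftpUpload means plain FTP, which sends ftpUser and
    # ftpPassword unencrypted over whichever network the Pi has joined.
    if [ "$(cfg_get "$cfg" ftpUpload)" = 1 ]; then
        echo "ftpUpload=1: use an FTP account that can do nothing but receive these uploads"
        findings=1
    fi

    # Values the table gives a recommendation for.
    v=$(cfg_get "$cfg" timerGps)
    if is_uint "$v" && [ "$v" -lt 60 ]; then
        echo "timerGps=$v: the guide recommends 60 seconds for a GPS fix"
        findings=1
    fi
    v=$(cfg_get "$cfg" filesystemUsedSpaceLimit)
    if is_uint "$v" && [ "$v" -gt 95 ]; then
        echo "filesystemUsedSpaceLimit=$v: the guide suggests keeping at least 5% free"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: the defaults from the table, with the guide's example
# Wigle username and password filled in.
sample_cfg() {
    cat <<'EOF'
timerGps=1
timerRepeat=60
wigleUpload=1
wigleUserName=ultimateWarDriver89
wiglePassword=superSecretPassword
piResourceUpload=1
ftpUpload=0
ftpHost=
ftpRemoteDirectory=/
ftpUser=
ftpPassword=
ftpConnectTimeout=3
deleteAfterUpload=1
filesystem=/dev/root
filesystemUsedSpaceLimit=95
EOF
}

# Run the audit over the sample, stored with the mode a plain cp usually gives.
demo=$(mktemp)
sample_cfg > "$demo"
chmod 644 "$demo"
audit_cfg "$demo" || true
rm -f "$demo"
```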

Step 11 – Autorun the script at startup

          Edit ‘/etc/rc.local’ to run the WarDriving.sh script when the Pi boots up.

          sudo nano /etc/rc.local

          Add the two lines beginning ‘#run WarDriving.sh as user pi’, just above the ‘exit 0’.

          #!/bin/sh -e
          #
          # rc.local
          #
          # This script is executed at the end of each multiuser runlevel.
          # Make sure that the script will "exit 0" on success or any other
          # value on error.
          #
          # In order to enable or disable this script just change the execution
          # bits.
          #
          # By default this script does nothing.
          # Print the IP address

          _IP=$(hostname -I) || true
          if [ "$_IP" ]; then
            printf "My IP address is %s\n" "$_IP"
          fi

          #run WarDriving.sh as user pi
          su pi -c '/home/pi/WarDriving/WarDriving.sh >> /tmp/wd.log 2>&1' &


          exit 0

          Ctrl-O to save
          Ctrl-X to exit

          For more information about editing the rc.local file, please see my ‘Automatically run a programme on boot up‘ guide

802.11 a/b/g/n/ac explained

          • 802.11 is a standard published by the IEEE. Standards allow hardware from different manufacturers to communicate with each other as they can all ‘talk the same language’. This standard defines how Wireless LANs (i.e. your Access Point and Wi-Fi cards) should operate.
          • a/b/g/n/ac refers to the various protocols. As technology improves, new standards/protocols are released to take advantage of greater speed, efficiency, coverage and power usage.

          Wi-Fi can operate on several different parts of the frequency spectrum. The most popular is the 2.4Ghz band followed by the 5Ghz band. Not all the protocols can operate on both bands. In summary:

          802.11 Protocol | 2.4 Ghz | 5 Ghz | Comments
          a | no | YES | Up to 54 Mbit/s
          b | YES | no | Up to 11 Mbit/s
          g | YES | no | Up to 54 Mbit/s
          n | YES | YES | Up to 150 Mbit/s
          ac | no | YES | Up to 866 Mbit/s

          Therefore, in order to detect the most networks when out War Driving, ideally you want a Wi-Fi dongle that is Dual Band (2.4Ghz and 5Ghz) and supports a/b/g/n/ac. However, these are expensive and the dongle I chose does not support ‘ac’. I’m not missing out on that much, though, because there are very few ‘ac’ dedicated networks. Most networks that support ‘ac’ also support ‘n’ in order to achieve backwards compatibility with older devices. Therefore networks with both ‘ac’ and ‘n’ enabled are detected by my dongle.

Are high gain antennas better? Not always – choose carefully

          As my old man would say, “there is no such thing as a free lunch”, and this applies equally well to Wi-Fi antennas. In order to achieve more gain in one direction, the gain in a different direction must be sacrificed. When it comes to omni-directional Wi-Fi antennas (those designed to work in all directions), a higher gain means greater sensitivity in the horizontal plane and less sensitivity in the vertical plane. To see why this matters, consider my diagram below:

          If you are in a city centre with high-rise buildings next to you then you may find a 2 dBi antenna more effective as it will collect the Wi-Fi signals from higher floors. If you are driving through the country where there are only single-storey houses set well back from the road, then a 9 dBi high gain antenna would likely yield better results. If driving through a suburb then you may find a 5 dBi more effective. Therefore do not be fooled into getting the highest gain antenna available on eBay thinking that would be best for all situations. Try experimenting to match your antenna to the environment you’re War Driving in.
