Ultimate War Driving Rig


If you are new to War Driving you may wish to start with the following guide as the information below is not a step-by-step tutorial.

After a reasonable investment in Wi-Fi dongles I had hoped to build a war driving rig with a dedicated Wi-Fi card for each of the 13 2.4 GHz channels. This seemed a good idea given that the 2.4 GHz band is currently far more popular than the 5 GHz band. Having a Wi-Fi dongle dedicated to each 2.4 GHz channel would remove the need for channel hopping, so nothing would be missed. As for the 5 GHz band, there are more channels, but as this band is less popular I thought it reasonable to have 5 Wi-Fi dongles (two of them 802.11ac compatible, just in case there were any ‘ac’-only networks out there) hopping through the 5 GHz band.

With a quality 5 V, 40 A power supply (yup, 40 A without dropping a single 0.1 V under load, enough to feed all the thirsty USB hubs) I thought I was ready to go, but... plugging it into the Raspberry Pi exposed driver and USB instability issues. It turns out that these ‘bugs’ are documented, but as they affect few people the chances of them being resolved are slight. After a lot of experimentation, I found that the largest number of Wi-Fi dongles I could run simultaneously was:

  • 4x Ralink RT3070 with 2x Ralink RT3572

Any other combination or configuration became unstable at a smaller number of devices. Thus the combination above is currently the best that can reasonably be achieved on a Raspberry Pi. This gave me 4 dongles for 2.4 GHz and 2 dongles for 5 GHz. Within the 2.4 GHz band the most popular channels are 1, 6 and 11, because they do not overlap with one another. I therefore configured them as follows:

  • 2.4 GHz Channel 1 – Dedicated – RT3070
  • 2.4 GHz Channel 6 – Dedicated – RT3070
  • 2.4 GHz Channel 11 – Dedicated – RT3070
  • 2.4 GHz Channels 2, 3, 4, 5, 7, 8, 9, 10, 12, 13 – Hopping, 3 channels per second – RT3070
  • 5 GHz Channels 36 – 165 – Hopping – RT3572
  • 5 GHz Channels 36 – 165 – Hopping – RT3572
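To make the channel plan concrete, here is an added Python example (not from the original post) that computes the 2.4 GHz channel centre frequencies, checks which channel sets are non-overlapping, derives the hopping list that is left once 1, 6 and 11 have dedicated cards, and estimates how long the hopping card takes to come back round to any one channel. The centre formula (2407 MHz + 5 MHz per channel, 2484 MHz for channel 14) and the 22 MHz 802.11b mask width are the IEEE 802.11 values; the UK channel set 1 to 13 and the 3 channels per second hop rate are the figures from the post.

```python
"""Added example: the overlap arithmetic behind dedicating channels 1, 6 and 11.

Not part of the original post. Centre frequencies follow IEEE 802.11; the
22 MHz width is the 802.11b DSSS mask, the usual basis for calling
1, 6 and 11 "non-overlapping".
"""
from itertools import combinations

UK_24_CHANNELS = list(range(1, 14))   # channels 1-13 are permitted in the UK


def center_mhz(channel: int) -> int:
    """Centre frequency in MHz of a 2.4 GHz channel."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlaps(a: int, b: int, width_mhz: int = 22) -> bool:
    """True if the spectral masks of two channels overlap for the given width."""
    return abs(center_mhz(a) - center_mhz(b)) < width_mhz


def non_overlapping(channels, width_mhz: int = 22) -> bool:
    """True if no pair of channels in the set overlaps."""
    return not any(overlaps(a, b, width_mhz) for a, b in combinations(channels, 2))


def hop_list(all_channels, dedicated):
    """Channels left for the hopping card once the dedicated ones are removed."""
    skip = set(dedicated)
    return [c for c in all_channels if c not in skip]


def kismet_channellist(name: str, channels) -> str:
    """Render a Kismet 'channellist=' line in the format used in kismet.conf."""
    return f"channellist={name}:" + ",".join(str(c) for c in channels)


def sweep_seconds(channel_count: int, channels_per_second: float) -> float:
    """Seconds between successive visits to any one channel while hopping.

    An access point typically beacons every ~100 ms, so a hopping card only
    samples each channel briefly; a dedicated card has no such gap.
    """
    return channel_count / channels_per_second


if __name__ == "__main__":
    dedicated = [1, 6, 11]
    assert non_overlapping(dedicated)
    remaining = hop_list(UK_24_CHANNELS, dedicated)
    print(kismet_channellist("Custom2uk", remaining))
    print(f"full sweep of {len(remaining)} channels at 3/s: "
          f"{sweep_seconds(len(remaining), 3):.2f} s")
```

With the post's figures the hopping card needs about 3.3 s to get back to any given channel while each dedicated card watches its channel continuously, which is the practical reason for spending three of the four 2.4 GHz cards on the busiest channels. Note that 1, 5, 9 and 13 are only non-overlapping under a 20 MHz OFDM width, not under the 22 MHz DSSS mask the example defaults to.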

Persistent Rules

pi@raspberrypi:~ $ more /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="b8:27:eb:55:e9:32", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:81:95", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:80:a4", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan3"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:81:77", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan4"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:81:b1", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan5"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:90:7a:98", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan8"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:90:7a:7d", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan9"
pi@raspberrypi:~ $

Kismet configuration

In /usr/local/etc/kismet.conf, configure each of the Wi-Fi dongles:

ncsource=wlan2:hop=false,channel=1
ncsource=wlan3:hop=false,channel=6
ncsource=wlan4:hop=false,channel=11
ncsource=wlan5:hop=true,channellist=Custom2uk
ncsource=wlan8:hop=true,channellist=Custom5uk
ncsource=wlan9:hop=true,channellist=Custom5uk

Create custom channel lists to achieve the desired non-overlapping coverage:

# UK 2.4 GHz channels, excluding channels 1, 6 and 11 as these already have a dedicated Wi-Fi card.
channellist=Custom2uk:2,3,4,5,7,8,9,10,12,13
# UK 5 GHz channels:
channellist=Custom5uk:36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,132,134,136,138,140,142,144,149,151,153,155,157,159,161,165
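Because Kismet addresses each dongle by interface name, the udev rules above and the ncsource lines have to agree, and a dedicated channel that also sits in a hop list is a wasted card. Here is an added Python example (not the post's own tooling) that parses the persistent-net rules and the kismet.conf lines and reports any mismatch before a drive. The two input strings are constructed copies of the rules and config shown above; the MAC addresses and names are the post's and nothing in the script depends on them existing on your Pi.

```python
"""Added example: consistency check of 70-persistent-net.rules against kismet.conf.

Not part of the original post. Inputs below are constructed from the lines
shown in the post; only the text format of the two files is assumed.
"""
import re

# Constructed input, copied from the rules file shown in the post.
UDEV_RULES = """\
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="b8:27:eb:55:e9:32", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:81:95", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:80:a4", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan3"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:81:77", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan4"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="7c:dd:90:d0:81:b1", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan5"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:90:7a:98", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan8"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:90:7a:7d", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="wlan9"
"""

# Constructed input, copied from the kismet.conf lines shown in the post.
KISMET_CONF = """\
ncsource=wlan2:hop=false,channel=1
ncsource=wlan3:hop=false,channel=6
ncsource=wlan4:hop=false,channel=11
ncsource=wlan5:hop=true,channellist=Custom2uk
ncsource=wlan8:hop=true,channellist=Custom5uk
ncsource=wlan9:hop=true,channellist=Custom5uk
# UK 2.4 GHz channels minus the three with a dedicated card
channellist=Custom2uk:2,3,4,5,7,8,9,10,12,13
channellist=Custom5uk:36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,132,134,136,138,140,142,144,149,151,153,155,157,159,161,165
"""

RULE_RE = re.compile(r'ATTR\{address\}=="([0-9a-f:]{17})".*?NAME="(\w+)"')
SOURCE_RE = re.compile(r"^ncsource=(\w+):(.*)$")
LIST_RE = re.compile(r"^channellist=(\w+):(.*)$")


def parse_udev(text):
    """Interface name -> MAC address from 70-persistent-net.rules."""
    return {name: mac for mac, name in RULE_RE.findall(text)}


def parse_kismet(text):
    """Split kismet.conf into {iface: options} and {listname: [channels]}."""
    sources, lists = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if m := SOURCE_RE.match(line):
            sources[m.group(1)] = dict(kv.split("=", 1) for kv in m.group(2).split(","))
        elif m := LIST_RE.match(line):
            lists[m.group(1)] = [int(c) for c in m.group(2).split(",")]
    return sources, lists


def check(udev_text, kismet_text):
    """Return a list of problems; an empty list means the plan is consistent."""
    named = parse_udev(udev_text)
    sources, lists = parse_kismet(kismet_text)
    issues = []
    dedicated = {}        # channel -> interface pinned to it
    hop_channels = set()  # every channel covered by a hop list that is in use
    for iface, opts in sources.items():
        if iface not in named:
            issues.append(f"{iface}: no persistent udev rule, name may change on reboot")
        if opts.get("hop") == "true":
            lst = opts.get("channellist")
            if lst not in lists:
                issues.append(f"{iface}: channellist {lst!r} is not defined")
            else:
                hop_channels.update(lists[lst])
        elif "channel" not in opts:
            issues.append(f"{iface}: hop=false but no channel given")
        else:
            ch = int(opts["channel"])
            if ch in dedicated:
                issues.append(f"{iface}: channel {ch} already dedicated to {dedicated[ch]}")
            dedicated[ch] = iface
    for ch, iface in dedicated.items():
        if ch in hop_channels:
            issues.append(f"channel {ch} is dedicated to {iface} but also in a hop list")
    return issues


if __name__ == "__main__":
    for problem in check(UDEV_RULES, KISMET_CONF) or ["config is consistent"]:
        print(problem)
```

Run it after editing either file; for the post's configuration it reports nothing, while a dongle that lost its udev rule (and so came up under a different name) or a typo in a channellist name is flagged before Kismet silently starts with one source fewer.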

Note: I am based in the UK so I am only scanning UK channels. Greater or lesser restrictions may apply to other countries so it is worth checking out the Wiki as interception of additional channels could be illegal.

Typically Wi-Fi dongles restrict the available channels and transmission power according to their regulatory domain (country) configuration. For example, the Alfa AWUS051NH v2 that I am using is also capable of using channels 167, 169, 171 and 173, yet has channels 149 to 173 disabled as these are reserved for other purposes in the UK. You may wish to check out my guide on enabling additional Wi-Fi channels, which can lift the monitoring and transmission power restrictions that are otherwise applied.

The end result:



Incorrect title

Ok... So this isn’t an ‘Ultimate’ setup, as an ultimate setup would have a dedicated Wi-Fi dongle for each channel. However, given that 6 Wi-Fi dongles was the most I could achieve in the face of driver and USB stability issues, I hope it qualifies as an ‘ultimate’ (Raspberry Pi) War Driving Setup, or at the very least a good attempt! Happy War Driving folks!
