I was wondering if anyone had any experience or suggestions with regard to techniques or tools to use to locate clients that are connected to wireless access points.
I have a situation where someone in or near an apartment building is accessing an open WAP to do "bad" things. We have his MAC and can tell when he is logged on, but we want to locate him physically.
Any suggestions?
- AirMagnet WiFi Analyzer PRO.
AirMagnet Analyzer’s Find Tool locks onto an unauthorized/rogue or policy violating AP or station and guides the user to its physical location.
- Yellowjacket BANG
When equipped with a BVS DF (Direction Finding) antenna, Yellowjacket® B/A/N/G locates and pinpoints rogue APs and STAs and even detects interference from sources such as microwave ovens and cordless phones. Powerful packet analysis features such as Multipath (Ec/Io), SNR (Signal-to-Noise Ratio), Delay Spread, Channel Frequency Response (CFR), SSID and Received Signal Strength Indicator (RSSI) give Yellowjacket® B/A/N/G the distinction of being the only true handheld RF spectrum protocol analysis and direction finding tool accurate to within +1 dB.
Also
http//
http//
jaclaz
Thanks for the info.
The Yellowjacket looks like what might be the most useful for what I need to do. I've just emailed the supplier to see what the cost of the equipment is.
As for NetStumbler, I don't think it will allow me to locate rogue clients, only APs. I've also used Kismet to see clients logged on to APs, but unfortunately it isn't a lot of use in locating them (e.g. with a directional antenna).
Anyway, thanks again for the input.
Cost is around 5-6k.
I've used the Yellowjacket on a job before. Works great, need a boss willing to buy one.
For a cheaper alternative, you could try hacking up a war driving outfit with a customized directional antenna and then try Kismet, perhaps even all set up with a Backtrack boot CD. You need to be able to detect the beaconing from the WiFi NICs, not just APs.
Antenna stores
http//
http//
or even a can-tenna
http//
http//
Other antenna goodness
http//
http//
Info on detection using Kismet.
http//
Good luck and Google is your friend.
\M
Just got a price estimate on the Yellowjacket - way beyond my budget…
At the moment I'm trying Kismet (BackTrack4) with a cantenna to get some directionality but I'm not getting any strength readings on the client, just on the AP. I probably just need to configure it properly.
A colleague using airodump-ng seems to be getting nice signal strength readings for the client on the other hand.
Not a terribly elegant solution, but at least it seems to be working.
If I find anything better I'll re-post.
I only get to use the Yellowjacket at one of my DoD clients. Not really in my budget either, but it works.
I will be interested in what works in a budget approach. Please keep us posted on your results.
In combo with your open source tracking, look for "hamster" "wifi" and "cookie". There was a WiFi write up here somewhere on it.
hamster dumps HTTP traffic, including cookie details, IM chats, other relevant information. It is highly possible the user will dump various data that can locate the individual.
Thanks jhup, sniffing the user's traffic is being considered; however, the officer doing the investigation was hoping to avoid a part 6 warrant (i.e. intercept warrant). The ISP would also charge him $$$ to collect the data.
One person that I talked to pointed out that an intercept warrant might not be needed, however, as there should be no expectation of privacy when you are using a system illicitly. But then that's more of a question for the Law forum.
We're hoping to come up with a low/medium budget easy to implement solution that we can share with others. Maybe an iPhone app. lol
Triangulation with your cantenna?
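A sketch of the triangulation suggested above, as an added example that is not part of any post in this thread: it reads a client's signal strength from the station section of an airodump-ng CSV, picks the strongest antenna heading from a sweep at each of two observation points, and crosses the two bearings. The MAC addresses, readings, positions and function names are constructed for illustration.

```python
import math

# Constructed sample in the layout of the station section of airodump-ng's
# CSV output; MACs, timestamps and power values are made up.
SAMPLE_CSV = """Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2010-01-01 20:00:01, 2010-01-01 20:00:09, -61, 42, AA:BB:CC:DD:EE:FF,
66:77:88:99:AA:BB, 2010-01-01 20:00:02, 2010-01-01 20:00:08, -80, 7, AA:BB:CC:DD:EE:FF,
"""

def station_power(csv_text, mac):
    """Return the Power column (dBm) for one station MAC, or None if absent."""
    in_stations = False
    for line in csv_text.splitlines():
        cols = [c.strip() for c in line.split(",")]
        if cols[0] == "Station MAC":
            in_stations = True
        elif in_stations and cols[0].lower() == mac.lower() and len(cols) > 3:
            return int(cols[3])
    return None

def peak_bearing(sweep):
    """sweep: {compass heading in degrees: [dBm readings]} -> strongest heading."""
    return max(sweep, key=lambda h: sum(sweep[h]) / len(sweep[h]))

def intersect(p1, b1, p2, b2):
    """Cross two bearings (degrees clockwise from north) taken at p1 and p2,
    given as (metres east, metres north). Returns (east, north) or None."""
    d1 = (math.sin(math.radians(b1)), math.cos(math.radians(b1)))
    d2 = (math.sin(math.radians(b2)), math.cos(math.radians(b2)))
    rx, ry = p2[0] - p1[0], p2[1] - p1[1]
    det = d2[0] * d1[1] - d1[0] * d2[1]
    if abs(det) < 1e-9:
        return None  # bearings are parallel: no fix from these two points
    t1 = (d2[0] * ry - d2[1] * rx) / det
    t2 = (d1[0] * ry - d1[1] * rx) / det
    if t1 < 0 or t2 < 0:
        return None  # lines cross behind an observer: a reading is bad
    return (p1[0] + t1 * d1[0], p1[1] + t1 * d1[1])

# Constructed sweeps: readings for the target MAC at each antenna heading.
SWEEP_A = {0: [-78, -77], 45: [-60, -62], 90: [-70, -71], 135: [-82, -80]}
SWEEP_B = {225: [-83, -81], 270: [-72, -73], 315: [-58, -59], 0: [-69, -70]}

def locate():
    """Point A is the grid origin; point B is 40 m due east of it."""
    return intersect((0, 0), peak_bearing(SWEEP_A), (40, 0), peak_bearing(SWEEP_B))

if __name__ == "__main__":
    print(station_power(SAMPLE_CSV, "00:11:22:33:44:55"), locate())
```

Indoors, reflections can move the apparent peak, so a third observation point is a useful cross-check on the fix.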