Hack 42 War Driving for WiFi Access


WiFi networks are everywhere, it seems; you can get free Internet access on wireless community FreeNets armed with your laptop, a car, and software called Network Stumbler.

One of the coolest technological advances in popular use today is the wireless network. Wireless networks based on the WiFi standard (802.11x) are becoming increasingly common across the country?not only in people's homes, but also in universities, corporations, coffee shops, airports and other public places. Now you can bring your email to Starbucks.

There are frequently dozens near one another, particularly in certain urban neighborhoods and suburban office parks that house high-tech companies. Where I live?in Porter Square in Cambridge, Massachusetts?there are dozens of wireless networks in private homes, apartment buildings, and businesses within a very short walk from my home. There are at least half-a-dozen on my three-block street alone, in addition to mine. From my back porch, I get access to my own wireless network, but can also often pick up signals from four nearby WiFi networks.

The widespread availability of these inexpensive WiFi networks has led to a grassroots community wireless networking movement. The idea is simple: allow people passing by to use your WiFi network to hop onto the Internet and they in turn let you and others use their WiFi networks for Internet access when you pass near their homes or places of business. These wireless grassroots organizations are often called FreeNets. You'll find them in cities including New York, Seattle, Houston, and the San Francisco Bay area, as well as others. For more details about them and how to participate, go to Free Networks.org (http://www.freenetworks.org) In fact, some cities themselves are creating free wireless zones in downtown business areas to allow anyone with a wireless-enabled computer to get Internet access. Paris, for example, may soon be known for more than its beauty, culture, good food and disdain for tourists; it may turn into one giant wireless zone, allowing Internet access anywhere in the city, though for a price.

How do you find these wireless networks? The best way is by doing what has become known as war driving?driving through neighborhoods with your laptop, special software, and, if you want to pick up more networks, an antenna hooked up to your WiFi card.

The extremely environmentally conscious prefer to go war walking, though walking around with a laptop is not particularly easy. A better way is with a WiFi-equipped PDA, like the Palm Tungsten C.

Run the software, and it not only locates the network, but also provides a variety of information about it that you can use to connect to it, such as its SSID (network name), whether it uses encryption, and the wireless channel it's on. Armed with that information, you should be able to connect to it if it's a FreeNet?for example, if it is set to allow anyone to connect to it, or if it uses a commonly agreed-upon security scheme that everyone in the FreeNet uses for their WiFi networks.

If you walk in certain urban neighborhoods, you may notice strange symbols on the sidewalk that look something like those pictured in Figure 5-1. Yes, it's a conspiracy, but in the positive sense. These are war chalking symbols that tell passersby that there is a nearby WiFi network. The left symbol means the wireless network is open; the middle one means it is closed; and the right one means it uses WEP encryption. There may be other information next to the symbol that gives information on how to connect to the network, such as the SSID. The symbols were inspired by the practice of hoboes, who during the Great Depression would make chalk marks near homes that were friendly to hoboes and would give them food. For more information about war chalking, go to http://www.warchalking.org.

Figure 5-1. War chalking symbols

To go war driving, download the free Network Stumbler program (http://www.netstumbler.com), which shows you detailed information about any nearby wireless network. Figure 5-2 shows what happens when I run the software on my back porch. I can detect signals from four nearby WiFi networks in addition to my own.

Figure 5-2. Detecting nearby wireless networks with Network Stumbler

For each WiFi network it uncovers, Network Stumbler tells you the network's SSID, name, manufacturer, channel, type, signal strength, signal-to-noise ratio, and whether the network's encryption is enabled, among other details. Armed with that information, you can try to connect to the network.

If a network uses encryption, a small lock appears next to it; look closely at the Mookieville network in Figure 5-2 and you might be able to see it.

Once you've found a network, exit Network Stumbler. Then, to connect to the network, double-click on the small network icon in the System Tray (officially known as the XP Notification Area?the area of the Taskbar where XP corrals little icons). The Wireless Network Connection Status screen appears. (To see what it looks like, flip ahead to Figure 5-26.) From this screen, choose Properties Wireless Networks, and you'll see the screen shown in Figure 5-3.

Figure 5-3. The Wireless Network Connection Properties screen

If this screen doesn't show you the network uncovered by Network Stumbler, click Refresh. If the network still doesn't show up, that's because the signal is too weak for you to connect to it. To connect to a network shown on this screen, click Configure and fill out the information required in the screen. You'll then get into the network.

Not everyone will be able to use Network Stumbler, because it won't work with all wireless network cards. As of this writing, it worked with the following cards (and possibly some others not listed here as well): Lucent Technologies WaveLAN/IEEE (Agere ORiNOCO); Dell TrueMobile 1150 Series (PCMCIA and mini-PCI); Avaya Wireless PC Card; Toshiba Wireless LAN Card (PCMCIA and built-in); Compaq WL110; Cabletron/Enterasys Roamabout; Elsa Airlancer MC-11; ARtem ComCard 11Mbps; IBM High Rate Wireless LAN PC Card; and 1stWave 1ST-PC-DSS11IS, DSS11IG, DSS11ES, and DSS11EG. For more information, go to C:\Program Files\Network Stumbler\readme.html, assuming you've installed the program in C:\Program Files\Network Stumbler.

Network Stumbler will find all wireless networks near you, not just those that are part of FreeNets. So, you may well find the wireless networks of people who don't realize that others outside of their homes or businesses can tap into their network. Some law enforcement officials will tell you that tapping into those people's networks is illegal, so be forewarned.

5.2.1 Mapping Wireless Networks

Network Stumbler lets you save your war-driving information in a file, and you can then upload that information to a web site (such as http://wifimaps.com) that uses your information and information provided by many other war-drivers to create maps of WiFi networks across the country. You can zoom in and out on these maps, so you can get a view of the concentration of WiFi networks in a metropolitan area, or you can see individual WiFi networks on individual streets, as shown in Figure 5-4.

Figure 5-4. A map showing WiFi networks in my Somerville neighborhood

Go to http://wifimaps.com to view the maps or to upload your Network Stumbler information. Be aware that the site is a volunteer effort, and, not uncommonly, you'll find that the maps aren't working. If that happens, check back again in a few days; it usually gets up and running after a while.

5.2.2 Build a Homemade Wireless Cantenna for War Driving

One way to increase the range of your war driving and the strength of the signal when you connect to WiFi networks is to build your own wireless antenna. You can build them for a few dollars using a tin can and other stray parts, as long as you're willing to do a little bit of soldering. Because they're built out of tin cans, they're frequently called cantennas.

My 13-year-old son Gabe built several for his seventh-grade science fair project and compared the effectiveness of each. The results were clear: the giant 34.5-ounce coffee cans were far superior to normal-sized coffee cans and Pringle's cans.

If you haven't bought a WiFi card yet and are considering building one of these cantennas, I suggest buying an Orinoco card. It has a small connector in its side through which you connect a pigtail connector , which can then be hooked up to a small antenna you build out of copper wire and a small connector, which goes inside the tin can. There are a number of places you can buy a pigtail and the required connectors, including Hyperlink Technologies (http://www.hyperlinktech.com). If you don't have a WiFi card with a small connector, building one of these cantennas becomes much more difficult.

There are many places online where you can find good directions for making cantennas. Three good places to start are www.oreillynet.com/cs/weblog/view/wlg/448, www.netscum.com/~clapp/wireless.html, and www.turnpoint.net/wireless/cantennahowto.html. Just so you get the idea of what you'll do, though, you first empty and wash the can. Next, you build the small antenna that will go inside the coffee can by soldering a short piece of thick copper wire to a small piece of hardware called an N connector. Then, drill a hole in the can and insert the small antenna you just soldered. Attach the antenna to the can by securing it with small screws and bolts. Attach one end of the pigtail to your wireless card, attach the other end to the N connector, and voila! You have a cantenna.

5.2.3 See Also

  • [Hack #57]

  • [Hack #53]