Does anyone have a good method (or link to a page w/instructions) for Wardriving with a 770?

I'm working on a security project and I want to use the 770 to detect (and hopefully locate) rogue access points around my work.

The 770 seems like it could be a useful tool for this.

I have Kismet up a running w/o doing any tweaks, but maybe others can share their experiences?

Thanks!

I just drive around with the tablet's Select Connection screen open, it automatically refreshes every 15 seconds or something like that. If you're not doing highway speeds, it's generally plenty fast enough to get a good list of access points. (in my experience anyways...but i've only had mine/been war driving for two days now)

Slakker thats not war driving ;) War driving is finding the acces point and compromising it.

additionally, the Select Connection screen will only show APs that are broadcasting their SSIDs or are defined otherwise. kismet will discover the AP, hidden or not, and attempt to enumerate any devices associated with the AP.

Thats why Kismet would be my app of choice for this project. The site that I found about it (http://www.ptlug.org/wiki/Howto_Wardriving_Con_Nokia_770_Kismet_e_Google_Ear th_Maps was interesting (I had to translate it using Google) but I haven't had a chance to try their method. Anyone else with a Wardriving method?

Slakker thats not war driving ;) War driving is finding the acces point and compromising it.

Actually that would be piggybacking.....wardriving has nothing to do with using or compromising found APs

Slakker thats not war driving ;) War driving is finding the acces point and compromising it.

No that's called a felony.

No that's called a felony.

:rolleyes: :rolleyes: :rolleyes:

Lame...

But any wais I did stand corrected the 2 terms do get mixed in.

Its not a felony if its your job. ;)

I use applications like NetStumbler and Kismet in my job. They are excellent site analysis tools. I can judge wireless coverage easily, and know exactly what APs cover what area. Since PocketStuble doesn't work with my 8125's wireless card, an alternative for the 770 would be a great application; even if it has some shadier uses.

I haven't really gotten into it very deep yet but it is kinda fun...a little tough to keep the ol' eyes on the road at times, though...I'll probably get me some kismet goodness...although GPS is out of my financial reach for the moment. (the 770 itself was a stretch for one of my "on a whim" purchases.)

Its not a felony if its your job. ;)

SECOND that :D

Right now i have been using netstumbler, but its slightly inconvenient to tote around a laptop for it. i dont have a compatible ppc for the job but i do have my 770. i have multiple branches/locations that must be sanned for APs. i want to use kismet as described in the article i referenced earlier and then plot the signals based on their gps readings. basically, i want to be able to write my report as definitively being able to assure that there are no APs on company property.

And if i can't identify them based off of location, i _could_ have probable cause to believe that our network might be @ risk and then decode any encrypton (if necessary) to connect to them - to prove that they are attatched to our network.

Im just looking for other known methods.

What is the info you need? You want to find non-secured APs or both secure/non-secure? Do you want to find both broadcasting and hidden SSIDs?

another thing about kismet is that you will only get the GPS coordinates of where you were when the AP was first found. it is not really a definitive means of plotting your target wireless networks range. you may have to break out the laptop and use netstumbler to get SNR readings to truely define the coverage radius.

Exactly! I can plot the detection of each AP and then show its signal strength based on location. Basically triangulate the location of each AP to prove that it isn't physically located near the network.

This is only one step of the project that I am working on, but my evil overlords, er, I mean employers have high expectations for a comprehensive report.

Thank you guys for the comments!

Jeffus - the info I am looking for is AP detection, what encryption it uses, physical location (best possible), and risk assessment. I need to hunt down any & all APs near the company's locations.