War Dog walking for wireless access points
By Danx-Oracle on Nov 05, 2005
Trusty assistant servicing prototype antenna
So, with dog leash and poop bag in one hand, and laptop running Kismet in the other, I gave it a try (hardware details below). However, as soon as I got outside, Kismet immediately found about 10. By the time I got done walking (10-15 minutes), Kismet found 60-some APs. 40 are displayed on the screen--that's all that would fit.
Security usage The main reason I did this is I was curious how many APs are in my neighborhood and how many are secured. Of the 40 or so APs, 10 (25%) were wide open, 24 (60%) were secured with WEP (which can be broken in a few minutes with downloadable software), and only 6 (15%) were secured with WPA (see column "W": "N" open, "Y" is WEP, and "O" os WPA).
Channel usage Looking at channel usage (column "Ch"), channel 6 was the most popular, the typical default, with channel 11 coming second. Channel 1 is the least popular, so that is usually the best to use. Note that if you or someone else has a 2.4GHz wireless phone, it's most likely to interfere with the upper channel,11, rather than 6 or 1. Other channels are used, such as 4, 6, 7, but those overlap with two out of channels 1, 6, and 11. Only channels 1, 6, and 11 should be used as the other's overlap (for example, channel 5 overlaps with channel 1 and 6).
Hardware Details For my wardogwalking, I used my IBM T40 Thinkpad. It has an IBM 11abg II wireless adapter and runs SuSE Linux 9.3 with Kismet (it also runs Win XP and Solaris 10). I used the built-in laptop antenna (instead of a "high-gain" antenna, which would have had better reception). I don't have a GPS, which real wardrivers use to plot where the APs are located.
Kismet output after dog walk