][ Wardriving with a Thinkpad T40p ][

This post is a little bit outdated!

What is wardriving?
Wardriving has nothing to do with warmongering. It is an abbreviation of Wireless Access Revolution Driving. Wardriving is an activity consisting of driving around with a laptop in one’s vehicle, detecting Wi-Fi wireless networks.
While some wardrivers do engage in more malicious hacking endeavors, the average wardriver – and so am I – is typically only out to log and collect information from the Access Points (AP’s) they find while driving.

System and kernel:
I have installed Debian Sid/Unstable Linux on my Thinkpad T40p. Currently I use a 2.6.9-rc1-mm5 kernel with some additional patches. My kernel configuration is available in the files section.

Hardware drivers:
The internal 54MBit/s WiFi Card of the T40p works fine with the driver from the MadWiFi project.
I bought an NMEA compatible USB GPS-Mouse with Evermore chipset from eBay which works fine with the pl2303 kernel module. You need to enable CONFIG_USB_SERIAL_PL2303=y in your kernel configuration. Once modprobed, the module detects the GPS-Mouse whenever it is plugged in, so it can easily be accessed via /dev/ttyUSB0.
Excerpt from /var/log/syslog:

[..]
Aug 29 10:53:18 neutrino kernel: pl2303 3-2:1.0: PL-2303 converter detected
Aug 29 10:53:18 neutrino kernel: usb 3-2: PL-2303 converter now attached to ttyUSB0
[..]

][ Software:
The primary WLAN sniffing software I use is Kismet. Making Kismet and the MadWifi driver working together is only possible with the developer release of Kismet, which can be checked out via subversion. The Kismet source comes with a nice gpsmap tool, which needs a recent libmagick6-dev library to run. If you don’t want to plot maps, you can compile Kismet without it.
My Kismet configuration file is available in the files section.
Ethereal can be used to analyse the log files which are produces by Kismet. Here’s a screenshot.
Another nice program is GpsDrive, which works perfectly together with Kismet and shows a moving map with all the detected hotspots. It uses a free map service to download maps automatically via mouse click. Nice!
GpsDrive can store the detected networks in a mysql database.

Creating maps:
After a while of ][ you will want to plot some maps of your collected data. Kismet produces a lot of files. The .gps – files can by used by gpsmap to do it. The following line creates a large map (1280×1024) of your data. The open networks will be marked green and the wep-encrypted spots will appear red. The estimated distance of the hotspots is shown as circles. Isn’t it nice?

gpsmap -o map.png -S0 -D -s17500 -n1 -M -e -r -R50 -G *.gps

A wardriving map generated by gpsmap

My maps:

• Maps removed due to legal issues!

Some links:

• Debian Linux
• Linux Kernel
• MadWifi WLAN driver
• Kismet WLAN Sniffer
• GpsDrive
• Ethereal Traffic analyzer (offline now)

Files for downloading:

• My kernel configuration
• Kismet configuration file