Airtouch Networks War Driving Kit

By Jim Geier

August 28, 2002

Whether you're sniffing around other people's networks or checking the security of your own, it's always handy to try it from the outside. You no longer have to build a war driving system yourself when kits like this are available for purchase.

Model Number: Enthusiast Kit ($399 MSRP)

Airtouch Security Systems' war driving kits enable just about anyone to utilize a laptop to perform security auditing on wireless LANs. All kits currently include sniffing software, an 802.11b radio NIC, and an antenna. Airtouch sells different versions of the kit with varying antenna types. For example, the Enthusiast Kit that I tested came equipped with a medium power, car-mountable, omni-directional antenna. Other versions include the Beginner Kit ($299), which comes with a lower power omni-directional antenna, and the Pro Kit ($499), which includes a higher power, car-mountable omni-directional antenna.

Pros:

  • Easy to install and use
  • Relatively low price

Cons:

  • Limited analysis features
  • Limited radio NIC support

The war driving Kit is definitely easy to set up and use. All you need is a laptop and the contents of the Kit, and you're ready to get started. Airtouch includes NetStumbler software with very clear installation instructions. An Avaya radio NIC was in the Kit, and my laptop (running Windows XP) recognized and installed the card without any problems. If the software drivers that came with the card do not work with your PC, then you'll need to download the latest drivers from the radio NIC manufacturer's Web site. All you have to do after installing the NIC and NetStumbler is to attach the antenna, and you're ready to go war driving.

The price of the war driving Kit is relatively low compared to other analyzers. You also get 30 days of toll-free technical support with the Kit, so the price isn't too bad for non-technical people who will likely need the support. With the Kit, however, you're really only paying for the hardware (radio NIC and the antenna).

If you're technically literate, then you can download and install a free copy of NetStumbler and just purchase a compatible NIC (or use one you may already have). NetStumbler is "BeggarWare," and you can only use it for personal use and not redistribute it without the author's (Marius Milner) express permission. If you like the software, then Marius asks you to send him however much money you feel the software is worth.

A point to consider is that Airtouch doesn't currently provide standard analysis software. NetStumbler alone is a simple, handy option for scanning wireless LANs. It captures wireless LAN information, such as SSID (service set identifier), access point channel and MAC addresses. It also includes a nice graph showing signal and noise power.

You might receive sniffing software other than NetStumbler, though, in Airtouch's Kit. In fact, you might also receive some other vendor's radio NIC. Airtouch only guarantees that you'll receive everything you need (minus the laptop) to go war driving.

NetStumbler supports any radio NIC having the Hermes chipset (e.g., Orinoco and Avaya). As a result, you're limited in the choice of radio NICs. This is a common problem with 802.11 analyzers, mainly because the test tool vendors have difficulties supporting a wide range of card drivers. In the future, Airtouch may introduce additional sniffing software in their kits that will interface with a wider variety of radio NICs.

War Driving Experience

After installing NetStumbler, the radio NIC, and the antenna, my son, Eric, and I hit the road. I recommend that you take someone with you when war driving. You'll need an additional person to manage the laptop and aim the antenna.

We kept the antenna inside the car, which limited range due to the car's attenuation. Neither one of us wanted to look too conspicuous by mounting the antenna on top of the car. By having the antenna inside the car, you'll experience about 3 dB of attenuation compared to mounting the antenna outside. This cuts the signal power in half, but that didn't seem to matter. We found more than enough access points with this configuration.

We started by driving through the commercial areas around my office and were really amazed by the number of wireless LANs we found in retail stores, office complexes, schools and hotels. It was a thrill each time NetStumbler would beep, indicating that it found another access point.

Most of the access points we found were broadcasting SSIDs (service set identifiers) with no WEP (wired equivalent privacy) enabled. That was quite a surprise. We could also see what channel they were operating on and all of the associated MAC (medium access control) addresses. As a result, the networks were open enough for us to interface with and possibly utilize associated network resources. Of course, we didn't do that!

The war driving experience was actually pretty fun. Of course the true utility of a tool such as the War Driving Kit is to test your own network. We tried analyzing the wireless LAN in my office, but didn't detect anything except for some radio waves. The Kit wasn't able to break through the extra security that we have in place. You can use the Kit for testing your wireless LAN, but like others you'll probably jump in your car soon after receiving the Kit and drive all over the city in which you live.

Summary

The War Driving Kit is an easy-to-use, low-cost tool for equipping yourself for war driving. Whether you're going to cruise around and find access points for fun or use it to check the hardening of your own wireless LAN, the Kit does a good job. Keep in mind that this is just one instrument, however, and its limited analysis features may keep you from fully assessing the security of your network. You may still need a higher end analysis tool such as AiroPeek or AirMagnet.

Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book, Wireless LANs (Sams, 2001), and regularly instructs workshops on wireless LANs.

Join him for discussions as he answers questions in the 802.11 Planet Forums.


