Wardriving new parts of NOVA.

18 July 2009

802.11 analysis downloads information infosec nova statistics summary wardriving wireless

When I first started driving I taught myself how to navigate Pittsburgh by filling up my car with gas, picking a direction to drive in for fifteen or twenty miles, and getting thoroughly lost. I’d then spend the evening trying to get back home, or failing that, someplace that I recognized and could navigate from. I was thinking about that this morning as I attached a GPS puck to the roof of my car and ran the interface cable through the window. It’s been a long and busy couple of weeks, so while Lyssa was out and about today I thought that I’d spend a little time on the road wardriving parts of northern Virginia that I’d not seen before, just as I used to do in college. After a cup of coffee and a small breakfast I picked a direction, this time due west on route 50, and headed out to see what I could see. I got good and lost a couple of times in parking lots and side roads in Fairfax (no, really) because I found some roads that I’d never come across in my travels. After about two hours I packed it in, booted up my TomTom, and set course for home.

I had to let Windbringer cool down to safe levels because he was running flat out while inside a protective case. As a result I don’t think that I’ll be using him for wireless assays while running solo; I’ll start using my EeePC for that. Anyway, I’ve run some preliminary analyses on the data: it seems that the most popular channels are still channel 6 (457 access points), channel 1 (300 access points), and channel 11 (285 access points). I also found some strange channels which are apparently in use, like 64 and 36. I don’t know how this is possible but I could probably figure it out with a little research.

WEP encryption is supported by 936 out of 1,223 access points; another 297 don’t seem to support encryption at all, and 302 support some variant of WPA. Five APs advertise unusual crypto setups like WEP with TKIP and WEP with CCMP. 1,149 APs are configured to make use of the bands associated with 802.11b and 80 802.11n APs were found. 50 run at 40MHz and 30 run at 20MHz. Oddly enough the most common advertised transmission speed is 18.0 Mbits (510 APs), followed by 347 running at 54.0 Mbits and 201 offering 11 MBit speeds.

I’ve uploaded my Kismet data in the form of CSV, text, and XML files. I’ve also included a KML file suitable for importation into Google Earth generated by KisGEarth should you want to poke around the area by proxy. You can download the files as a ZIP archive here.

Disclaimer: I’m not responsible for what you do with this data. No, I won’t make packet captures available.

back to top