Portable wireless transmission detector
Donald Thompson
direction of any 802.11a/b/g transmissions? Most of the detectors I've
seen are geared for finding broadcasting AP's. I need to be able to
track down laptops/PDA's with a wireless device thats enabled,
regardless of whether or not they're running in infrastructure or adhoc
mode, associated with an AP or not.
Any other non-802.11a/b/g wireless signal detection, like cell phones,
would be a nice bonus, but not required.
-Don
Jeff Liebermann
<dlt_SP...@lunanet.biz> wrote:
>Hi, does anyone know of a product that will detect and point me in the
>direction of any 802.11a/b/g transmissions?
Let's get the buzzwords nailed first. Detect, identify, and direction
find are separate functions.
Detect can be done with a simple RF detector as in a "bug finder",
which simply rectifies any RF it picks up, and provides an indication.
It has no way to distinguish the manner of modulation or identify the
source. Another name for this is a "sniffer" which is useful for
finding the exact location of the transmitter when you're very close.
I tired to modify a microwave oven detector with an external antenna
but could only get a few feet of range.
Identify is done with the Netstumbler, Kismet, or other wireless
sniffing tools. These will extract the MAC Address, SSID, and other
interesting information from a transmission. However, they will not
distinguish between Bluetooth, wireless video, 802.11, microwave
ovens, cordless phones, and such. To the best of my knowledge, there
is no single appliance short of a military ELINT system that will do
this today.
Methinks direction finding is best done with a rotating directional
antenna and a spectrum analyzer. I've scribbled on the topic before
in alt.internet.wireless. Search Google Groups for my name and
"direction finder".
| http://hardware.mcse.ms/archive80-2005-4-181538.html
| http://groups-beta.google.com/group/alt.internet.wireless/msg/e9a5d5828f52aa1c
| http://groups-beta.google.com/group/alt.internet.wireless/msg/dcf5c0774ed9d762
| http://groups-beta.google.com/group/alt.internet.wireless/msg/dcf5c0774ed9d762
(there are others)
It's fairly difficult to direction find with a handheld dish, radio,
and laptop, or perhaps handheld dish and spectrum analyzer. The
signal strength indication from the most non-modified radios is just
too slow to perform reasonable sweeps. They also fail to distinguish
easily between multiple sources of RF and/or multiple 802.11 sources.
Direction finding client radios is even worse as you're likely to find
them among other client radios which will interfere with an accurate
bearing. They also tend to be indoors which are major sources of
reflections.
>Most of the detectors I've
>seen are geared for finding broadcasting AP's. I need to be able to
>track down laptops/PDA's with a wireless device thats enabled,
>regardless of whether or not they're running in infrastructure or adhoc
>mode, associated with an AP or not.
I'm not too sure what to recommend. The typical client radio goes
into "power save" mode when not in use. In effect, it doesn't radiate
any RF to direction find. If associated with an access point, it does
have keep alives and beacon transmissions which can be detected. When
I tried direction finding on these occasional transmissions with my
Proxim 7400 based spectrum analyzer, I found that the transmissions
were so few and far between, that the SA would only occasionally si
something.
I don't know of any off the shelf product that will do that, but can
easily speculate on how it might be designed (translation: I don't
know if it will work). I need to know the level of accuracy and range
you're expecting. Also, whether this is to be a human operated or
automatic system, one unit or many, details, etc.
If you wanna roll your own, I suggest using a dish antenna, MMDS
downconverter, 500MHz spectrum analyzer, and a fiberglass pole. The
stock MMDS receiver works on 2.6GHz and can be fairly easily convinced
to function at 2.4GHz.
http://www.qsl.net/n9zia/2.4ghz_transverter.html
There are also MMDS converters built into the dish antenna feeds as
in:
http://www.mrx.com.au/wireless/ConfierModifications.htm
At 2.4GHz, the IF frequency comes out about 150MHz. You'll need a
spectrum analyzer to cover about 90-190MHz to see the entire
2400-2483.5MHz band. I use a Pacific Wireless MMDS downconverter on a
20ft fiberglass "window washer" telescoping pole with a small dish or
panel antenna on top. Power goes through RG-6/u coax cable.
Sensitivity is lousy and I plan to add an an RF amplifier. Photos and
details when I have time.
>Any other non-802.11a/b/g wireless signal detection, like cell phones,
>would be a nice bonus, but not required.
There are such things for cell phones. I've tinkered with the Zetron
510 unit, which is just a fancy RF detector. It was screwing up badly
with false indications from 800/900MHz trunking handheld radios. It
also had sensitivity problems with CDMA phones.
http://www.starportinternational.com/detector.htm
Also see:
http://www.globalgadgetuk.com
http://www.ecpe.vt.edu/news/ar04/detector.html
--
Jeff Liebermann je...@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
NBT
8><....................................
However, they will not
> distinguish between Bluetooth, wireless video, 802.11, microwave
> ovens, cordless phones, and such. To the best of my knowledge, there
> is no single appliance short of a military ELINT system that will do
> this today.
Came across this the other day
http://wireless.weblogsinc.com/entry/1234000727044139/
Jeff Liebermann
<inv...@invalid.invalid> wrote:
>Came across this the other day
>http://wireless.weblogsinc.com/entry/1234000727044139/
Ooooh. I want one.... Just one problem. $3,999 list price.
If you like spending money:
| http://www.bvsystems.com/Products/WLAN/WLAN.htm
In my limited experience, it's difficult, but not impossible, to
distinguish different types of 2.4G modulation. 802.11b/g Direct
sequence is easy enough as it has the classic Sin(X)/X lumpy pattern.
Frequency hoppers, such as 802.11 FH, X10, BlueTooth, and Zigbee are
also easy as they have a "square" spectra shape on the analyzer.
Proxim Lynx bridges hog exactly half the band, continuously.
Cordless phones come in all kinds of weird modulation schemes, but
show no on/off pulseing. Microwave ovens always seem to drift in
frequency.
For real entertainment value, drive to a mountain top with a spectrum
analyzer, connect an antenna, and wonder why you bothered. Without
filtering and some clue as to what I'm looking for, I usually just see
garbage on top of garbage.
The right way(tm) to do this is to demodulate the signal and try to
determine the modulation methods from the baseband data instead of
from the RF spectra. An SDR (software defined radio) is fully
capeable of doing that. It would "lock" onto the signal, and try each
demodulator one at a time. Kinda like an ELINT system.
One problem with using a spectrum analyzer with spread spectrum is
that the sensitivities tend to be terrible because the spectrum
analyzer cannot take advantage of the 10dB processing gain and the
ability to synchronize the transmitter and receiver. I'll post some
video clips of what the screen looks like (when I have time).
Try these video clips to see how a dedicated spectrum analyzer looks.
It doesn't get much better than this. See the links near the bottom
of this page.
| http://www.bvsystems.com/Products/WLAN/YJ802.11bg/YJ802.11bg.htm
Yes, it's basically an IPaq with a dedicated spectrum analyzer hung on
the back.
man...@orcon.net.nz
WiFi needs. How about just a USB adaptor, Netstumbler & parabolic
cookware dish! The mad Kiwis at => www.usbwifi.orcon.net.nz have
pretty much got this nailed. Go for it
Jeff Liebermann
<je...@comix.santa-cruz.ca.us> wrote:
>One problem with using a spectrum analyzer with spread spectrum is
>that the sensitivities tend to be terrible because the spectrum
>analyzer cannot take advantage of the 10dB processing gain and the
>ability to synchronize the transmitter and receiver. I'll post some
>video clips of what the screen looks like (when I have time).
I made a video clip that shows the problem:
http://802.11junk.com/jeffl/sa/proxim7400-01.avi (2.5MBytes)
It's monitoring my BEFW11S4 located about 3 ft away from the laptop
antenna. The wireless is doing some large packet pings to a neighbors
client radio. That's as "strong" as it gets thanks to receiver AGC
(automagic gain control). It's shown scanning at the slowest speed
(60 seconds to go across the screen) just to be able to show
something. In the medium speed postion, it misses about half the
vertical bars. In the fast mode, it only sees one or two. If I don't
generate any intentional traffic, then only 3-4 vertical bars appear
in the slow speed. Due to the slow speed, lousy indication amplitude,
AGC, and lack of control over the sweep limits, trying to direction
find with this monster is a problem. However, it's still better (and
cheaper) than nothing.
(Yeah, I know the AVI file is out of focus and jittery. I can't find
my tripod and promise to make a better movie when I find it.)
NBT
8><................................................
>
> (Yeah, I know the AVI file is out of focus and jittery. I can't find
> my tripod and promise to make a better movie when I find it.)
>
>
http://www.ntms.org/files/$20%20WIFI%20SA.zip
It may be worth the OP having a read through this
http://www.wi-fiplanet.com/tutorials/article.php/3383461