Antenna Theory for Wardriving and Penetration Testing

Introduction

Wardriving is an activity in which a person searches for wireless access points from a moving vehicle with a high-gain antenna mounted on top. Usually, this access point data is correlated with GPS positions and marked on publicly accessible maps such as WiGLE. On the other hand, wireless penetration tests are focused evaluations of wireless security pertaining to an organization. In both of these cases—and any type of wireless communication—antennas play a critical role. They can mean the difference between hassle-free communication and bitter frustration. However, antenna designs and their implications are arcane topics that deserve serious exploration by security enthusiasts. The antennas in your arsenal can make or break your wardriving or wireless penetration testing efforts. Whether you are a wardriving aficionado or a wireless penetration tester, this paper is intended to help you deduce the best antenna for your requirements.

Terminology You Should Know

Wi-Fi operates in the 2.4 GHz radio frequency band, and its signal strength is measured in decibels, or dB. In order to comprehend discussions germane to the performance of antennas, you must familiarize yourself with the following terms:

dBm – dBm means decibel-milliwatts. Wi-Fi network signal levels are usually measured using dBm. The negative sign is used because the transmission power is never strong enough for the signal level to be positive. For instance, to get a 0. Bm signal, you would need a transmission power of 0. Bm- Maximum possible value; you are right next to the access point (within a few feet).- 6. Bm- Minimum requirement for timely packet delivery (e. Accordingly, higher link quality will imply lower number of packet errors.

Antenna Gain: Do not be confused by this term; the antenna does not actually amplify anything.
Antenna gain is a figure that reflects how efficiently your receiving antenna would convert Wi-Fi radio waves into electrical power. Antennas with a gain of 2 dBi, 5 dBi, 7 dBi, 9 dBi, 1. 3 dBi, etc. are available. A common mistake is to think that the one with a high dBi would be the best (e. To understand why this is a misconception, consider the following rough sketch . However, if the transmitter is placed vertically above the receiver—as in floors of a building—then a 5 dBi antenna would be your best bet. If the transmitter is at a different elevation and at a long distance from the receiver, a 7 dBi antenna would offer you the right combination of elevation and range. A 2 dBi antenna aims to cover signals equally in all directions, and is not well-suited for wireless penetration testing or wardriving.

How well do these antennas work?

The short answer is: if correctly chosen, they perform well. The right type of antenna, with proper orientation, is able to pick up signals from miles away. However, it is imperative to point out here that many users who purchase external antennas end up being dissatisfied with their performance. The reasons for this are:

Unrealistic expectations: This may seem obvious, but these antennas are not magical devices that will pick up signals from great distances, especially when they are improperly chosen (wrong type of antenna) or have not been calibrated (aligned) well.

Insufficient knowledge: If you are purchasing a wireless antenna, or constructing a custom one, you should be able to define your purpose and have the knowledge to choose the proper antenna that would satisfy this purpose.

To test how well an external antenna performs in contrast with a laptop’s default antenna under the same conditions, we set up the following experiment.
The distance between the access point and our antennas was carefully chosen so that the internal antenna could barely receive a signal at this point. Interfaces: . As evident from the roundtrip delay time of several milliseconds . For the internal antenna, both the link quality and the signal level were extremely poor . This brings us to the next section.

Choosing the Right Type of Antenna

There are a variety of antenna types, and each type is built with specific needs in mind. There is no “best antenna for wardriving or penetration testing”. Understanding the design and purpose of each type will help you choose the best one. An omnidirectional antenna spreads energy equally in all directions—which means shorter range. A directional antenna is able to take this same energy and focus it towards a particular direction—implying longer range in that direction.
Omni-Directional Antennas

This is the most common antenna type, and most if not all of you have seen one up close. For instance, the antenna on top of your car is an omnidirectional antenna. These can be used for . These are not suitable for point-to-point communications because transmitting signals in all directions, when you want them to go from point A to point B, is an inefficient choice.

Figure 6.

Suitability for wardriving: These are ideally suited for wardriving, since they grab signals from all directions while you are driving. However, there are some considerations: a 9 dBi omnidirectional antenna would allow you to capture far-off signals from all directions, but it will miss access points in high buildings close to your vehicle. To understand why, see Figure 1. Accordingly, it is advised that you choose the omnidirectional antenna with the dBi rating suited to the areas you are going to drive in.

Suitability for penetration testing: During a penetration test, you are aware of your target. Hence, a directional antenna pointed toward the target is more efficient than an omnidirectional antenna. However, you can use a 5 dBi omnidirectional antenna during perimeter testing.

Parabolic Antennas

Parabolic antennas depend on a curved parabolic surface dish that focuses signals towards a central point . This enables these antennas to put out incredible gains. However, parabolic antennas are highly directional, which means you need to ensure that they are pointed in the right direction, otherwise they might completely “shield” the signal. Because of their high gain, they are suitable for long-range point-to-point communications.

Figure 7.

Suitability for wardriving: A parabolic antenna would pick up wireless signals from miles away but only from a single direction at a time. Hence, if you want to map Wi-Fi access points in multiple directions while driving, this is not the best choice.
Suitability for penetration testing: Given their long range, parabolic antennas can be very suitable for targeted wireless intrusions, since they allow you to carry out tests from far away once you have positioned them toward target access points.

Yagi Antennas

Yagi antennas, named after Dr. Hidetsugu Yagi, have a central beam with many individual elements supported by this beam . These elements constitute radiators and reflectors. A variation is the . They would pick up far-off signals from a particular direction, while missing out on signals in the other directions.

Suitability for penetration testing: Like parabolic antennas, Yagi antennas are capable of picking up signals from miles away. Their high gain (e. Bi) makes them ideal for penetration testing when you have them pointed towards the target. The Vagi antenna is an attractive choice for penetration testing since it is small and lightweight, yet offers substantial gain.

Backfire Antennas

Backfire antennas are known to have a small size but a significant gain. This makes them a very attractive choice for point-to-point or point-to-multipoint communications. How do they differ from parabolic antennas? There is no parabola; the reflector surface is flat. Their resonant cavity structural design makes them capable of achieving the high gain. For suitability toward wardriving and penetration testing, see . For this, you will need: About 1-2 inch of 1. A smooth metallic parabolic reflector such as aluminum foil, a can, an 8 inch dumpling strainer, etc.

How to Make a Cantenna

Cantennas, antennas made out of cans, have been very popular among enthusiasts since they are easy to make and everything you need is in your home. The idea is to use a . Calculations regarding the placement of the copper wire need to be precise. You can use this calculator to ensure accuracy.

Figure 9.
However, if the can is very narrow, you would need to point this antenna very precisely towards the signal direction, and even then you would not notice significant gain. Moreover, if you are using a long cable, signals would suffer attenuation. Note: Although a Pringles can is often mentioned, it is not a good can for these purposes since it is too narrow. In fact, any cantenna is a bad choice for serious penetration testing.

How to Make a Parabolic Antenna

If you have an omnidirectional antenna available . Now, all you need to do is find a parabolic reflector that can “turn” this omnidirectional antenna into a parabolic antenna. This parabolic reflector can be any smooth metallic surface that can converge radio signals onto the omnidirectional antenna—and this is what improves the antenna gain . There is no increase in antenna gain if the omnidirectional antenna has been placed too far from or too close to the parabolic reflector, so that it completely misses the focal point. Hence, for accuracy, use this parabolic antenna focal point calculator. Alternatively, if you prefer to avoid making calculations, you can use freely available parabolic reflector templates which have been drawn to scale. These templates explicitly mark the focal point of the parabolic reflector so that you do not have to make calculations. For instance, you can print and use the parabolic reflector template in Figure 1. You would need a square sheet of reflective material that you can place vertically on the straight line drawn in this template, and bend the sheet until it lines up with the parabolic curve in the template.
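The focal point calculation and the effect of missing it can be worked through directly. The following is an added example, not part of the original article or the calculator it mentions: it uses the standard parabola y = x²/(4f), the function names are hypothetical, and the 12.5 cm wavelength assumes 2.4 GHz Wi-Fi.

```python
import math

# Assumption: roughly one wavelength at 2.4 GHz Wi-Fi, in centimetres.
WAVELENGTH_CM = 12.5

def focal_length(diameter, depth):
    """Focal length of a parabolic reflector from rim width and depth.

    Follows from y = x^2 / (4 f) evaluated at the rim (x = D/2, y = depth).
    Any consistent length unit works.
    """
    if diameter <= 0 or depth <= 0:
        raise ValueError("diameter and depth must be positive")
    return diameter ** 2 / (16 * depth)

def template_points(focal, width, steps=8):
    """(x, y) points along the reflector curve, usable to draw a template."""
    half = width / 2
    xs = [-half + i * width / steps for i in range(steps + 1)]
    return [(x, x * x / (4 * focal)) for x in xs]

def path_spread(focal, feed_height, width, steps=8):
    """Difference between the longest and shortest signal path.

    Each path runs from the aperture plane (rim height) straight down to
    the reflector, then to an antenna placed feed_height above the vertex.
    At the true focus every path has the same length, so the reflections
    arrive in phase; a misplaced antenna makes the lengths diverge.
    """
    points = template_points(focal, width, steps)
    plane = max(y for _, y in points)
    lengths = [(plane - y) + math.hypot(x, feed_height - y) for x, y in points]
    return max(lengths) - min(lengths)

if __name__ == "__main__":
    # Constructed sample reflector: 40 cm wide, 10 cm deep.
    f = focal_length(40.0, 10.0)
    print(f"focal point: {f:.1f} cm above the centre of the reflector")
    for feed in (f, f + 2.0, f + 5.0):
        spread = path_spread(f, feed, 40.0)
        print(f"antenna at {feed:4.1f} cm -> path spread {spread:.2f} cm "
              f"({spread / WAVELENGTH_CM:.2f} wavelengths)")
```

As the path spread approaches half a wavelength, reflections from different parts of the surface begin to cancel rather than add, which is why a misplaced antenna shows no gain.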