Wireless Network(s/ing)

O'Reilly wireless networking book http://www.oreilly.com/catalog/wirelesscommnet/

LDP Wireless HOWTO, a good practical introduction and overview http://www.linuxdoc.org/HOWTO/Wireless-HOWTO.html

IETF mobile ad-hoc networking (MANET) working group http://www.ietf.org/html.charters/manet-charter.html

driver software

access point software

community based wireless networks

in .au

in Brussels

tools for finding/mapping/hacking wireless networks

antennas / mods

homebrew antenna shootout (using tin cans for higher gain!) http://www.turnpoint.net/wireless/has.html

waveguide antenna http://www.oreillynet.com/cs/weblog/view/wlg/1124

adding an antenna to the D-Link DWL-1000AP http://seattlewireless.net/index.cgi/DlinkAccessPointComments

mods for dwl-650 http://kevlar.burdell.org/~will/antenna/

protocols

GPRS (General Packet Radio Service) adds a packet-switched data service to GSM networks, so a phone or GPRS modem can carry TCP/IP traffic http://www.linuxjournal.com/article.php?sid=3724 http://www.cs.hut.fi/~hhk/GPRS/gprs_own.html

HF radio: an article on setting up a WAN in Guinea using HF radio modems (low bandwidth, long distance wireless) http://www.linuxjournal.com/article.php?sid=6299

WMAN wireless MANs (802.16 family) http://wirelessman.org/pub/backgrounder.html

unsorted notes

For this kind of war driving you don't need to connect to any AP at all. The card is put into monitor mode (rfmon), which is not the same as ordinary Ethernet-style promiscuous mode: it hands up every raw 802.11 frame it hears on the current channel. Every AP sends a continuous stream of 'beacon' frames (by default about ten per second), which the software uses to learn what networks are around: the BSSID, the SSID if it is broadcast, the channel and the capability bits (e.g. whether encryption is required). On Prism-based cards you also get a signal and noise reading for every frame received. So you just drive around snarfing up frames, and for each one you check the BSSID/source MAC address (to identify the AP) and the S/N ratio. You never transmit to the APs, so it's totally passive and leaves nothing in their logs.

One thing you do need to do is change channels. 802.11b has 11 channels in the US (13 in most of Europe, 14 in Japan), so to be thorough you should check them all. To be efficient you can check only 1, 6 and 11, since those are the three non-overlapping channels and what nearly everybody uses. The number of channels you hop through and how long you dwell on each put a limit on how fast you can drive and still expect to pick everything up: an AP is only seen if you are in range of it while the card is sitting on its channel for at least one beacon interval.

http://www.pdxwireless.org

grass - http://www.baylor.edu/grass/ an excellent GIS package for Linux that gives linux users the power of multi-million dollar GIS systems in their basement.

pico radio research project using a multihop network with ultra low power wireless nodes. http://bwrc.eecs.berkeley.edu/Research/Pico_Radio/Default.htm

mesh networking hardware/softs » http://www.locustworld.com/

Many APs allow the user to turn off the SSID broadcast. That only blanks the SSID field in the beacons; the beacons themselves, the BSSID and every data frame still go out over the air. Anyone nearby who has popped their WLAN card into monitor mode can listen to the raw 802.11 frames that carry all your precious data, and the "hidden" SSID shows up in clear in the probe responses and association requests exchanged with your own legitimate clients.

Plus anything else that happens to float by on the channel being watched (channel 10, for instance). Sniffer Pro and, more importantly, AiroPeek both do this.

MAC list restrictions can be overcome in this manner as well: sniff the MAC address of a client that is allowed on, then set it on your own card, e.g. with the hw ether option of ifconfig under Linux :)

Kismet does this nicely: it collects client MACs and the IP ranges in use as part of its "IP address space" discovery work, and enumerates Cisco infrastructure from CDP announcements.
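A passive survey of the kind described in the war-driving notes and the SSID-broadcast note above, added here as an illustration (it is not code from this page, nor from Kismet, AiroPeek or Sniffer Pro). It parses constructed 802.11 beacon and probe-response frames, no radio or capture library involved, and pulls out BSSID, SSID, channel (from the DS Parameter Set element) and the security mode (RSN element, WPA vendor element, or just the privacy capability bit). A zero-length or all-NUL SSID in a beacon is reported as hidden, and one probe response to a real client fills in the name the beacons were hiding. The MAC addresses, SSIDs and frame bytes are made up for the demo; a real capture from a monitor-mode interface would have a radiotap header in front of each frame, which this code does not strip, and the RSN element here is cut down to its version field because the parser only tests for its presence.

```python
"""Passive 802.11 beacon / probe-response parser over constructed frames (added example)."""
import struct
from collections import Counter

SSID_IE, DS_PARAM_IE, RSN_IE, VENDOR_IE = 0, 3, 48, 221
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"     # Microsoft OUI + type 1 = pre-RSN WPA element
CAP_PRIVACY = 0x0010                   # capability bit 4: encryption required
BEACON, PROBE_RESP = 8, 5              # management frame subtypes
MGMT_HDR_LEN, FIXED_PARAMS_LEN = 24, 12


def build_mgmt_frame(subtype, bssid, ssid, channel, privacy=False, rsn=False, wpa=False):
    """Construct a minimal beacon or probe response (test data, not a real capture)."""
    fc = struct.pack("<H", subtype << 4)                  # version 0, type 0 (mgmt), no flags
    hdr = fc + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, CAP_PRIVACY if privacy else 0)  # ts, interval, cap
    ies = bytes([SSID_IE, len(ssid)]) + ssid + bytes([DS_PARAM_IE, 1, channel])
    if rsn:
        ies += bytes([RSN_IE, 2]) + b"\x01\x00"            # RSN version 1; rest elided
    if wpa:
        ies += bytes([VENDOR_IE, 6]) + WPA_OUI_TYPE + b"\x01\x00"
    return hdr + fixed + ies


def parse_ies(body):
    """Walk the tagged parameters; stop at the first truncated element."""
    ies, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        data = body[i + 2:i + 2 + length]
        if len(data) < length:
            break                                          # malformed: don't trust the rest
        ies.append((tag, data))
        i += 2 + length
    return ies


def parse_mgmt_frame(frame):
    """Return a record for a beacon or probe response, None for anything else."""
    if len(frame) < MGMT_HDR_LEN + FIXED_PARAMS_LEN:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (BEACON, PROBE_RESP):
        return None
    bssid = frame[16:22]                                   # address 3 = BSSID
    _ts, _interval, cap = struct.unpack_from("<QHH", frame, MGMT_HDR_LEN)
    ssid, channel, has_rsn, has_wpa = b"", None, False, False
    for tag, data in parse_ies(frame[MGMT_HDR_LEN + FIXED_PARAMS_LEN:]):
        if tag == SSID_IE:
            ssid = data
        elif tag == DS_PARAM_IE and len(data) == 1:
            channel = data[0]
        elif tag == RSN_IE:
            has_rsn = True
        elif tag == VENDOR_IE and data.startswith(WPA_OUI_TYPE):
            has_wpa = True
    security = ("WPA2/RSN" if has_rsn else "WPA" if has_wpa
                else "WEP" if cap & CAP_PRIVACY else "open")
    return {
        "kind": "beacon" if subtype == BEACON else "probe-resp",
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": ssid.decode("utf-8", "replace"),
        "hidden": all(b == 0 for b in ssid),               # empty/all-NUL = broadcast off
        "channel": channel,
        "security": security,
    }


def survey(frames):
    """Merge observations per BSSID; a probe response reveals an SSID hidden in beacons."""
    aps = {}
    for frame in frames:
        rec = parse_mgmt_frame(frame)
        if rec is None:
            continue                                       # data/control frame: not our business here
        ap = aps.setdefault(rec["bssid"], {"ssid": "<hidden>", "frames": 0})
        ap["frames"] += 1
        ap["channel"], ap["security"] = rec["channel"], rec["security"]
        if not rec["hidden"]:
            ap["ssid"] = rec["ssid"]
    return aps


def channel_histogram(aps):
    """How many APs sit on each channel (expect 1/6/11 to dominate in the real world)."""
    return Counter(ap["channel"] for ap in aps.values())


# Constructed sample: three fictitious APs, a probe response, and one data frame to skip.
AP_LAB, AP_HIDDEN, AP_OPEN = b"\x00\x0c\x41\x12\x34\x56", b"\x00\x40\x96\xaa\xbb\xcc", b"\x00\x05\x5d\x01\x02\x03"
SAMPLE_FRAMES = [
    build_mgmt_frame(BEACON, AP_LAB, b"lab-net", 6, privacy=True, rsn=True),
    build_mgmt_frame(BEACON, AP_HIDDEN, b"", 11, privacy=True),           # SSID broadcast off, WEP
    build_mgmt_frame(BEACON, AP_OPEN, b"coffee", 1),
    build_mgmt_frame(PROBE_RESP, AP_HIDDEN, b"corp-wlan", 11, privacy=True),  # leaks the name
    b"\x08\x01" + b"\x00" * 40,                                            # a data frame, ignored
    build_mgmt_frame(BEACON, AP_LAB, b"lab-net", 6, privacy=True, rsn=True),
]

if __name__ == "__main__":
    found = survey(SAMPLE_FRAMES)
    for bssid, ap in found.items():
        print(bssid, ap)
    print("per channel:", dict(channel_histogram(found)))
```

The frame parser is deliberately defensive about element lengths: beacons are unauthenticated input from anyone with a radio, and a length byte that runs past the end of the frame is exactly the kind of thing that has crashed real sniffers.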

streetmap-stumbler in perl http://www.interrorem.com/software/stumbler.php3

http://books.slashdot.org/books/03/07/10/1455238.shtml?tid=137&tid=193

realtime scheduling + low latency “Fair Scheduling of Real-time Traffic over Wireless LANs” http://www.cse.ucsc.edu/~sbrandt/rtss2000/proceedings/18.pdf

“An Experimental Testbed for Using WLANs in Real-Time Applications” http://www.hurray.isep.ipp.pt/rtlia2002/full_papers/17_rtlia.pdf

Some problems come from the frame-level error recovery. Probably all available APs (access points) use DCF; PCF, the optional part of the 802.11 standard meant for time-constrained data, is essentially never implemented. Under DCF a station that does not get an ACK from the AP retransmits the frame after a random back-off: it waits a random number of slots drawn from a contention window, and that window doubles after every failed attempt (binary exponential back-off), up to a retry limit after which the frame is dropped. The delay before a frame is finally delivered is therefore random and, in the worst case, large, which is exactly what real-time traffic cannot tolerate.
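A toy model of the retransmission behaviour just described, added here as an illustration and not taken from the cited papers: one frame is sent under DCF, the contention window doubles after every missed ACK (31, 63, 127 ... 1023 slots) and the station gives up after the short retry limit. Slot time and DIFS are the 802.11b values (20 µs and 50 µs); the frame air time, ACK timeout and retry limit are assumed parameters, the channel is a callback that says whether a given attempt gets an ACK, and there is no busy-medium deferral or RTS/CTS. What it shows is that the worst-case delivery delay runs to tens of milliseconds, so DCF cannot bound latency for time-constrained traffic.

```python
"""Toy 802.11 DCF retransmission model (added example, 802.11b timings)."""
import random

SLOT_US = 20          # 802.11b slot time
DIFS_US = 50          # 802.11b DIFS = SIFS (10 us) + 2 slots
CW_MIN, CW_MAX = 31, 1023
RETRY_LIMIT = 7       # dot11ShortRetryLimit default; the frame is dropped after this


def next_cw(cw):
    """Binary exponential back-off: CW goes 31 -> 63 -> 127 ... and saturates at CW_MAX."""
    return min(2 * cw + 1, CW_MAX)


def cw_schedule(retries=RETRY_LIMIT):
    """Contention window in force on each successive attempt for one frame."""
    out, cw = [], CW_MIN
    for _ in range(retries):
        out.append(cw)
        cw = next_cw(cw)
    return out


def transmit_with_dcf(ack_received, frame_us=1000, ack_timeout_us=300, rng=None):
    """Send one frame with DCF retries.

    ack_received(attempt) -> bool is the channel model (True = the AP's ACK arrived).
    Returns (delivered, total_delay_us, attempts, backoff_slots_chosen).
    Simplification (assumed): a back-off is drawn before every attempt, as if the medium
    had just gone idle; deferral while the medium is busy is not modelled.
    """
    rng = rng or random.Random()
    cw, delay, slots = CW_MIN, 0, []
    for attempt in range(1, RETRY_LIMIT + 1):
        slot = rng.randint(0, cw)                 # uniform back-off in [0, CW]
        slots.append(slot)
        delay += DIFS_US + slot * SLOT_US + frame_us
        if ack_received(attempt):
            return True, delay, attempt, slots
        delay += ack_timeout_us                   # no ACK: wait it out, then double CW
        cw = next_cw(cw)
    return False, delay, RETRY_LIMIT, slots


class WorstCaseRng:
    """Always picks the largest back-off slot, giving the worst-case delay bound."""
    def randint(self, lo, hi):
        return hi


def worst_case_delay_us(frame_us=1000, ack_timeout_us=300):
    """Upper bound on the time until a frame is either delivered or dropped."""
    return transmit_with_dcf(lambda attempt: False, frame_us, ack_timeout_us, WorstCaseRng())[1]


def meets_deadline(deadline_us, p_loss, trials=2000, seed=1):
    """Fraction of frames delivered within deadline when each attempt is lost w.p. p_loss."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        delivered, delay, _, _ = transmit_with_dcf(lambda a: rng.random() >= p_loss, rng=rng)
        ok += delivered and delay <= deadline_us
    return ok / trials


if __name__ == "__main__":
    print("CW per attempt:", cw_schedule())
    print("worst-case delay (us):", worst_case_delay_us())
    print("delivered within 5 ms at 10% loss:", meets_deadline(5000, 0.10))
```

With a 1 ms frame and a 300 µs ACK timeout the bound comes out at roughly 70 ms, most of it spent in back-off once the window has saturated; shortening the retry limit trades that tail for a higher drop rate, which is the knob the QoS papers below are really arguing about.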

“A Survey of QoS Techniques in 802.11” http://trident.mcs.kent.edu/~ydrabu/research/wmac/mac.pdf

“Packet Scheduling and QoS for Wireless Networks” http://frottle.sourceforge.net/

bluetooth + 802.11 comparison http://www.wallstreetweb.nl/forum/messages/2025.html/ (GONE!) http://www.extremetech.com/article2/0,3973,67471,00.asp

MANET mobile ad-hoc networks http://www.ietf.org/html.charters/manet-charter.html

a nice collection of technical info + practical advice on antennas, networking, etc » http://flakey.info/

open implementation of the 802.1X port-based authentication protocol (the Open1X supplicant) » http://open1x.sourceforge.net/

DlinkDWL1000AP

packet radio see: Packet Radio