Previous Section  < Day Day Up >  Next Section

RF Signal Strength Monitoring Tools

These tools are not sniffers or graphical network mappers that show all wireless networks in sight, but because they do discover WLANs (at least at the level of RF signal being present), we briefly review them in this section. Although a wardriver might not be interested in measuring the signal strength or SNR, for wireless site surveying this task is essential and having a tool to automate this task can save a lot of time.

These utilities implement two basic methods to monitor signal and noise strength on the 802.11 channel: watch -n1 -d 'cat <file>' and parsing an appropriate directory in /proc (e.g., /proc/net/wireless) or greping ARPHRD_IEEE80211_PRISM frame headers when using Prism chipset cards. Please note that the latter method appears to be used by both Airfart and WifiScanner and many higher-end tools such as Kismet that also report signal strength on the sniffed channels.

As already mentioned, the main use of signal strength monitoring tools is site surveying, the importance of which can never be underestimated in a wireless security audit and proper wireless network design and deployment. Although signal strength detecting tools can indicate the presence of RF interference or jamming (high level of noise and low SNR where in accordance with your RF calculations the SNR or signal strength must be much higher), they are by no means a substitute for a proper RF frequency analyzer.

The RF Basics: Free Space Path Loss and Interference

Free space path loss is the biggest cause of energy loss on a wireless network. It happens due to the radio wave front broadening and transmitted signal dispersion. Free space path loss is calculated as 36.56 + 20Log10(Frequency in GHz) + 20Log10(Distance in miles). Online calculators mentioned previously include free space path loss estimators and there are also applications that can do the same locally.

Of course, free space path loss presumes free space—any obstacle would significantly attenuate the RF signal. A simple glass window would decrease the strength of ISM band signal by approximately 2 dBm. Any (unlucky) wardriver without an external antenna who tries to open the car window while wardriving can spot the difference. An approximate table of obstacle-caused signal loss for ISM band signal is included in Appendix E. If you subtract the free space path loss and estimated obstacle-related loss from your EIRP you should get the approximate signal strength in the area of measurement. If the signal is much weaker than estimated, check your EIRP with the same signal strength monitoring tool by placing it very close to the antenna. If the EIRP appears to be in the range of your estimated value, look out for the interference caused by obstacles (multipath) or any RF transmitting devices.

The multipath problem refers to the interference caused by an RF signal from the same transmitter being reflected from the obstacles along its path. Because of that, it arrives to the receiver end at the different times. Traditional ways of alleviating the multipath problem are antenna diversity and proper antenna positioning to avoid obstacles.

The interfering transmitters can include other 802.11, 802.15, and non-802-compliant wireless networks; 2.4-GHz cordless phones; baby monitors; wireless surveillance cameras; microwave ovens; and jammers intentionally deployed by attackers. It is ironic that the 802.11b/g channel 6 (2.437 ± 0.011 GHz) used as a default by many access points, badly overlaps with one of the most common interference sources, microwave ovens. A microwave oven's magnetron emits at 2.445 ± 0.01 GHz in theory, but has a rather wide microwave irradiation pattern in practice. However, we do not recommend frying your frequency counter in the microwave oven to find the answer.

On the other hand, the 801.11a UNII band is relatively free from interference as compared to the ISM frequency range. An older method of avoiding interference on 802.11 networks was switching from 802.11 DSSS to 802.11 FHSS; now try switching to 802.11a if your local regulations permit using the UNII band frequencies.

RF signal monitoring tools come as separate utilities or plug-ins for various window managers. Our favorite signal strength monitoring tool is wavemon (see Figure 5-15), which has a nice signal strength level histogram (F2), lists all discovered access points (F3), and is relatively configurable (F7).

Figure 5.15. Wavemon wireless signal monitoring utility.


By default it supports Prism cards and linux-wlan-ng, but that is simply because of the preset wlanX interface; change the interface on ethX and so on to make it work with other chipset card drivers. Another useful tool is wlanmeter, which can monitor signal, noise, and link levels on all available wireless interfaces (three interfaces at the same time). Yet another useful tool is Wireless Power Meter for Linux (wpm), which uses Linux Wireless Extensions and will run on any terminal capable of displaying ANSI color (the Linux console, ETerm, Gnome Term, XTerm, Color RXVT). Alternatively, there is xnetworkstrength (surprisingly, it uses X), Cisco ACU for Aironet cards (recommended), and a variety of wireless link monitoring applets such as wmwave for Windowmaker or gwireless_applet for Gnome and the famous wireless plug-in for gkrellm. Wireless Network Meter for QT on Embeddix makes a good addition to Kismet + kismet-qte on your Sharp Zaurus, enhancing the use of this brilliant handheld as a wireless site survey tool. On the Windows side we recommend AirMagnet (not to be confused with the Java Mognet 802.11b/g sniffer) on an iPAQ. AirMagnet software is bound to the card that comes as part of the AirMagnet package; this card has proprietary firmware modifications that allow AirMagnet to detect and graphically display 802.11b/g channel overlapping. AirMagnet is a great (although somewhat expensive) all-around wireless security evaluation tool that is "fluffy" and easy-to-use. Of course, both AiroPeek and NAI Sniffer Wireless can also monitor network signal strength, among other features presented by these powerful commercial tools. For site surveying tasks, you can get PDA versions of both sniffers written for the Windows CE platform.

    Previous Section  < Day Day Up >  Next Section