Chris Nowell
Information Security
Englìsh   Français   Español   Deutsch   Russian   Japanese   Chinese
About Chris Tools and Downloads Presentations, Instructions, and Booklets Links Contact Support
Wireless Triangulator
Site Survey Tool

Wireless Triangulator Site Survey Tool Screen Capture
Other wireless site survey tools require significant existing infrastructure, or extensive investment of time for walk-abouts with a scaled floor-plan. Information Systems Auditors and Information Security personnel often don't have access to all required physically-controlled space. In addition, installed Wireless Access Points (WAPs) with site survey capabilities typically do not cover all of the space -- if they are installed at all. My Wireless Triangulator Site Survey Tool provides a better option to locate rogue wireless access points.
Some objects in a typical office space may reflect or absorb wireless radio signals. As a result, you should take as many readings as possible with this tool to determine the approximate location of potentially rogue wireless access points.

Preparation and Equipment
  1. Airodump works best with Windows XP Service Pack 1 (SP1). These instructions assume that you are using SP1. Please note that SP2 disables promiscuous mode, which Airodump requires
  2. Purchase a compatible wireless card. I recommend one that supports an external directional antenna, such as the Ubiquiti Super Range Cardbus card. I went to a local radio shop to get a custom pigtail to connect the Ubiquiti card's port to an SMA antenna.
  3. Install an appropriate promiscuous-mode driver from the aircrack site. If you chose the Ubiquiti card, you will require the Atheros driver from WildPackets (mirror).
  4. Visit the Aircrack website, and download the latest version of aircrack for windows (mirror)
  5. Restart your computer
  6. Use Google maps or another satellite imaging service and make a screen capture (Alt+Print Screen) to capture the physically controlled space that you need to survey. Try to include the area across the street.
  7. Using Paint (Start > All Programs > Accessories > Paint) or another graphics program, mark points to use in your survey. Try to stay away from outside walls, as they either shadow or reflect signals. Mark places on the sidewalks across the street at every corner, division, and landmark on the building.
  8. Make sure that you have a reliable compass with you.

Operational Procedures
  1. Start Airodump, and choose a prefix filename (I find it easiest to use c:\locationname-floor as the prefix filename)
  2. Open the Wireless Triangulator program and walk to each location marked in step 7 above.
  3. Click the appropriate map locations
  4. Select airodump split for each location, pointing North (N), West (W), South (S), and East (E). (this is where the compass comes in handy)
  5. Repeat the previous two steps as needed
  6. repeat steps 1 through 5 but instead of going around the building, use the elevator and replace north and south with up and down.
    1. record readings at the top, bottom, and middle floors.
    2. record readings every 5 floors
    3. where signals are strongest, visit every intermediary floor
  7. Unplug the directional antenna (and card if needed) and replace with a less powerful omni directional antenna. Take a walk through the target building to confirm your findings.
  8. Save your results for future use. Saving will create a data file with strengths of each access point available at each location, draw the approximate direction of the signal

Operating Precautions
  1. Make sure to take business cards and ID to authenticate yourself and your site survey. The site survey process provides an opportunity to evaluate the level of security-consciousness at the survey site. A stranger walking around with a laptop and a peculiar looking antenna should raise suspicions. A simple explanation of “determining the prevalence of wireless equipment” is typically sufficient to alleviate fears.
  2. ALWAYS REMOVE THE PIGTAIL OR OTHER “SNAP” CABLES BY HOLDING THE METAL CONNECTOR. The plastic/rubber sheath is not part of the metal connector and may pull the wire out. To unplug an MMCX or other snap-in connector from a PCMCIA card, eject the card and then hold the metal connector to unplug.
  3. 802.11b and g use 2.4GHz. This is the same frequency that excites water, of which you are 80%. To avoid boiling your innards, avoid placing a connected external antenna in your pocket.
  4. When replacing wireless PCMCIA cards, your computer may freeze due to a resource conflict. Try alternating PCMCIA slots.
Active Directory Date Converter

Unix Timestamp Date Converter

Unix Security Analyzer

Windows Security Analyzer

NIST SP 800-63 password policy compliance checker

© 2006, 2007, 2008, 2018 Christopher A. Nowell, MBA, BSc, CISSP, CISA, PCIP, TCSP