Between characteristics of modern buildings (block walls, walls with metal studs, cement floors, and the like) and the large numbers of wireless networks assailing the airwaves, setting up a reliable wireless network can be a real challenge. Site surveys — where technical architects / network administrators examine a given physical environment’s suitability for wireless networks — can really help identify potential WiFi issues.
Unfortunately, many of the tools traditionally employed for performing wireless site surveys cost thousands of dollars. Not to worry! Here, we’ll discuss how to perform a wireless site survey for 802.11 networks using free open source tools so you can build a rock-solid set-up, regardless of budget. This article focuses on the tools, rather than the process of WiFi surveys. For information on the process, check the links at the bottom of this article.
WiFi Analyzer is a tool that basically turns your Android phone into a spectrum analyzer. With it you can easily see what access points are nearby, the channels they are on, and their signal strength — all through clear, colourful real-time graphs. This is one of the fastest and easiest ways to see what’s going on in the airwaves near your home or office and how to avoid interference on your network. WiFi Analyzer can be found on Google Play (https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=en) for free (the program is ad-supported).
To take things a step further, you can break out Kismet, a powerful wireless utility that can not only do all of the above but possesses an array of capabilities for wireless security auditing as well as intrusion detection. Kismet is in the repositories of several popular Linux distributions and you can download the source from http://www.kismetwireless.net as well. The links page of project web site also includes a link to a Windows port of the front-end to Kismet. If you just need to use the tool occasionally and don’t have a Linux machine handy, I recommend using a Linux live CD or VM. Heck, maybe you can use this as an excuse to take the plunge into the awesome world of Unix.
To use Kismet for a simple wireless survey, you really only need to use a few of its features. Let’s go through running Kismet for this purpose, step-by-step.
* Launch Kismet as root. If you are using Ubuntu, type “sudo kismet” at the command line. If you are using pretty much any other Linux distribution, become root by typing “su -” [enter] at the command line. Then type “kismet”.
* After pressing the space bar to dismiss the introduction message, we are presented with the list of networks found so far. As Kismet is a passive discovery tool, it will find more networks as time passes and it observes traffic moving across them.
* Pressing “h” brings up the help window, which explains commands and what the items on screen mean. We’ll go through most of those relevant to wireless auditing here to make it easy for you to get started.
* A quick check to look at first is the statistics window. Press “a” and it appears, presenting a nice high-level view of what Kismet is detecting – number of networks, packets transmitted, maximum packet rate, and the all important channel usage. There is even a nice graph showing the concentration of APs on each channel. A table with exact numbers of APs on each channel is to the right. With this, we can get most of the information we need to see how crowded a given area is with wireless access points and what channels everyone is on. If you need to dig deeper, read on.
* Sort the results by typing “s.” Then select how you would like them to be sorted. I usually sort by channel when doing a wireless survey. You actually must sort in some fashion in order to actually navigate the list of access points (APs).
You may see an item in the list labelled “Probe Networks” (often marked with a “G” in the network type (T) column because they are in a group, otherwise, they are labelled as the “P” network type). This shows wireless clients in range attempting to access networks that may or may not be in range. So they are not really relevant in a wireless audit. The probe networks detection feature is more useful for security auditing. It can reveal information about networks that are intended to be hidden, among other things. To see these networks, highlight the Probe Networks entry and press the space bar.
Other common network types are ad-hoc networks (designated by an “H” in the type column), and access points (designated by an “A” in the type column). Of course, APs are the type of networks you should be paying particular attention to. Ad-hoc networks are typically of less concern in wireless surveys because they are usually temporary.
There you have it! With WiFi Analyzer and Kismet, you can perform a very effective wireless network survey without spending a dime (as long as you have an Android device already). Once your survey is complete, chose the least crowded channel available.. It’s best to chose one that is farther away from occupied channels. For example, if other networks are on channel one and five, it is best to set your network to channel three, if it’s open. Then, you should have a relatively interference-free connection to your network. You can often check signal-to-noise ratios on your AP (especially if you have an AP running DD-WRT. See www.dd-wrt.com). Kismet also reports noise but it always seems to be 0 when I check it, which is not right.
More information on wireless surveys and the tools covered here are available via the links below.
WiFi survey process links:
WiFi Analyzer Google Play page: https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=e
Kismet project page: www.kismetwireless.net