Kismet Wireless

Kismet Forums

 

Posted by:endus
Subject:Mapping Questions
Date:19:39:21 15/05/2012

> The real problems are:
>
> a) signal level is often BS in monitor mode. The kismap heatmap code never touched it if I recall, it just used packet counts per quantized location

Hmmm. Thats interesting. I went through the files kismet generates and I was noticing the same thing. It seemed like a lot of wireless signals that I know are distant are recorded as being almost as strong as ones I know are not.

> b) map sources went away. kismap scraped (technically against the ToS) maps off some of the original map servers for driving directions, and drew on top of them. These map servers have all since evolved or gone away.

Yea, that I did read about...understandable.

> I can think of a few ways to revive heatmaps using KML; I don't know when I'll have time to work on them but if you swing by IRC I'd be happy to chat more (#kismet on freenode, I'm often around).
>
> I'm thinking to make a KML polygon heatmap, you'd generate a normal inverse-distance-weighted heatmap using either packet density or signal level, then quantize that into, say, 16 levels. Instead of using colors for these levels, you would then do a convex hull operation on the points, to find the outline which encloses them all (this code is also in kismap, still available in SVN). Then you make multiple polygons in KML out of the hulls, and you get a reasonably fast-drawing polygonal heatmap out of the deal.
>
> This wouldn't solve the problem of having spikes in the heatmap - they'd turn into blobs... but it still might be an interesting operation.
>
> Alternately, you could try to perform a concave hull / outline of the point cloud of that signal level, and it might be much more like what you want.

You're waaaay over my head here. :)

But, what I can tell you is this. It did seem like Ekahau Heatmapper was able to better distinguish what was in the building versus not. The localization of our APs was better and, while they obviously were showing up at the limits of my war walk, external APs were clearly lower in signal strength. So, you could look at the map and see basically what was in the building and what wasn't.

When I used some of the netxml/gpsxml -> kml converters I got results, but pretty much all of them were still not depicting things very clearly. APs showed up as being in the building which clearly are not. That's where using Kismet for wireless rogue detection gets tricky.

It seems like the signal strength issue you mention might be the prob here. I actually drove around the neighborhood surrounding my office to try and get a better fix on external signals, but it didn't seem to help that much.

I dunno, either way, thanks for your responses and thanks for an awesome tool. It works amazingly for what it does well! Nothing else provides as much info...it has actually shocked my management by how much it is able to see without authenticating. If there ever is a way to get the heatmapping working a little better that would make this tool even more useful...to me at least.


Reply to this message