I recently became interested in creating 802.11 control and management frame plots around Orlando. Naturally, the first problem was figuring out how I could capture GPS coordinates on my laptop. Being GIS savvy, I can think of a few ways to do this but what fun would my blog post be if I took the easy way out? The reality is, I have a Lassen GPS unit that would get the job done, easily. Unfortunately, I am not interested in carrying the unit in an out of the car for data collection sessions and I am most-definitely not going to be leaving it in my car to bake in the Florida heat. Instead, I took an alternative approach and used my MyTouch 4G Android powered cellphone as a USB accessory. A few lines of JAVA later, I was streaming lats and longs to my Macbook Pro via USB. Here is what my GPS coordinate streaming app looks like (in all of it's glory). Notice how I am strictly adhering to the Android UI design guidelines. When you press the 'Start' button, GPS coordinates begin to stream to the host.
If that screenshot did not keep you interested, maybe the next topic will, Frames! The pipeline I used to capture the 802.11 frames was rather simple, it boiled down to:
Network "Device" (pcap_t pointer) + pcap code + gps = shapefile.
At this point in time, the shapefile contains control frame addresses and the capability information field for privacy (B4 as defined in section 18.104.22.168 of the 802.11 specification). In the plots below, each point represents a single GPS coordinate collection event. Green points represent private networks while red points represent public (aka guest) networks. Each point may contain multiple 802.11 telemetry frame details. This is due to the fact that I am not dead-reconing a unique coordinate for each telemetry frame based on the delta T between the last GPS coordinate epoch and the telemetry frames epoch. Doing this would get messy rather quickly, so I just kept it simple. Here is a plot of several telemetry frames that I captured while driving through downtown and down 408 (and back).
Below you can see a closeup of the frames that were collected around the 408 / 417 interchange. It is important to reiterate that there are many points in each spot, where each record represent an individual frame.
Let's zoom in a bit closer and examine one of these sets of frames. Below, I am selecting the rightmost set of frames (the ones highlighted in yellow). Within the attribute table, you can examine the described control and management frame data.
I slowed my vehicle down while exiting the 408 and as a result my frame density increased. The density continued to remain high as I drove throughout downtown Orlando.
Here is a closeup of some of the frames I collected around downtown (near lake Eola). See how many GPS anomalies you can find.
I intend to expand my data set and create some more interesting plots in the future. For now, the most interesting plot I can provide is this shot, showing all management frames that were collected with an SSID of DefaultSsid2-1.
Here are some fun-facts about the collected data:
- 3057 unique addresses were collected
- 1030 unique ssids were collected
- 75 contained the word 'guest'
- 10 contained the word 'orlando'
- 34 contained the word 'belkin'
- 28 contained the word 'netgear'
And here are some funny SSIDs:
- Proceed with Caution
- Pretty Fly for a Wifi