Net stumbling has recently become a popular pastime for computer hobbyists. In its simplest form, stumbling is the discovery of wireless network access points using a mobile computer, such as a laptop or handheld device. While it's possible to manually discover such access points using the basic network connectivity software supplied with your hardware, there are other tools which make the job much easier and more interesting. These include:
- Stumbling software which automatically scans for and logs access points, along with their signal strength, MAC address, channel, encryption method, etc. (such as Netstumbler and its Discussion Forum)
- GPS (Global Positioning Satellite) receivers which let you record the latitude and longitude of each access point as well. More recent models use higher-sensitivity chipsets which can even work indoors, which helps in such places as shopping malls
- Mapping software which lets you graphically visualize your stumbling route showing you locations of the access points you've found, both live and later in post-processing (such as overlaying your finds onto Google Earth)
- Scripting software which can tie all of these together and display a live map of your current location, a breadcrumb trail of where you've been, markers for the access points you've discovered (along with their encryption status), and even announce the SSID name of hits and their status using text-to-speech synthesis through your laptop speakers or headphones
- External antennas for your network card, both uni- and omni-directional, which allow fainter and more distant access points to be received, especially when driving in a car or bus
- External GPS antennas, which increase location accuracy and sensitivity in fringe areas such as between tall buildings, wooded areas, indoors, etc.
- AC power inverters which let you run your laptop and GPS receiver from the automobile's power system rather than battery packs, allowing longer trips
- Online databases also exist where one may upload stumbling data and browse/search those of others (wigle.net, wifimaps.com), along with forums to chat with other stumblers about their finds, techniques, equipment, etc.
There are several variations known as war driving (done in an automobile), war walking (done on foot) and even war pedalling (done on bicycle) and war bussing (done on public transit). I prefer the more generic term stumbling, since it implies accidental discovery more than the term war, which has particularly negative connotations these days.
Stumbling on foot and wheels
While war driving is the most popular form of net stumbling, war walking and biking have several advantages over driving and bussing:
- Slower speeds mean you're more likely to catch a given access point (at the same sampling rate) and have higher GPS location accuracy due to better satellite exposure outside a metal vehicle
- You'll be able to get closer to buildings and even inside some public locations such as stores, shopping malls, government buildings, libraries, restaurants, coffee shops, offices, etc.
- No shielding from metal car body means higher sensitivity without the necessity of an external wireless or GPS antenna
- More exercise, more environmentally friendly and closer knowledge of a neighbourhood
Of course, there are a few disadvantages to war walking as well:
- Reliance on battery power and lower speed means a limited time per trip, and therefore a smaller coverage area
- When using a laptop computer being carried in a knapsack or briefcase, you won't be able to easily look at its screen while stumbling (though audio feedback via an earphone is possible using the text-to-speech system discussed above). Handheld devices can get around this issue, though it may be more difficult to appear discreet when using one unless it's being carried in a pocket or pouch
- Less comfort in extremely hot, cold or wet weather
Stumbling techniques and locations
Though it's possible to randomly wander around picking up access points, there are a few simple techniques which can result in higher hit rates. First off, some areas are more likely than others to have wireless access points. Generally these are places with higher concentrations of people living and working, such as residential subdivisions, apartment buildings, office complexes, shopping malls, department/big-box stores, supermarkets, hospitals/clinics, industrial parks, factories, warehouses, schools, university/college campuses and residences, airports, train/bus/subway stations, libraries, hotels/motels, campgrounds, restaurants, bookstores, cafés/coffee shops, bars/pubs/clubs, waiting rooms, etc.
- Plan your route beforehand, including as many of these types of areas as possible
- Keep in mind that typical consumer-grade wireless routers have a theoretical range of about 300 feet (92m) outdoors, and about half that indoors. Metal beams, plumbing, siding, rebar and other structural elements can reduce this distance even further, though high-gain antennas and range boosters can also increase it and/or make it more directional
- Consider criss-crossing an area covering as many streets as possible, and even covering both sides of wider streets for maximum coverage. Some people keep track of their completed routes using a printed map and highlighter pen to make sure they haven't missed any spots
- When on foot, get as reasonably close to buildings as possible, but don't trespass on private property. Consider taking shortcuts through parking lots to sweep in front of large buildings and even behind them when it is safe to do so. Remember that brick/wood walls and glass windows are more likely to let radio signals out than metal siding. Metallic glass coatings and embedded heating systems can also block wifi and GPS signals
- This also applies when in large department stores, which often use wireless for hand-held inventory bar-code scanners and price checkers as well as mobile checkout terminals. Stay near the outside walls to pick up access points located in warehouses and administrative offices
- Apartment buildings are also a prime spot because tenants are often forbidden by their leases to run network wiring, and are therefore more likely to use wireless. If you know someone who lives in a large building, try taking the elevator up one side of the building and down the other while scanning
- Shopping malls are good as well. Pay particular attention to food courts, larger stores and to geek-friendly stores more likely to have wireless access such as computer, home electronics, video game and telephone stores
- If possible, go around the outside of a building before scanning inside. You'll likely get a more accurate GPS fix on your initial acquisition of a given access point while outside, but inside you might not get a GPS fix at all
- Be sure to save your recording files and maps in a consistent fashion for easier organization and later reference
Legal, moral and safety concerns
While the mere detection of wireless networks isn't illegal in most areas, gaining access to a network for the purpose of stealing internet access or searching for files almost certainly is. Don't be stupid. Be discreet in your stumbling. Look but don't touch.
Keep in mind that there are many techniques to keep intruders out of a wireless network. While WEP and WPA encryption are the most common, other common techniques to discourage casual connections include MAC address filtering (allowing only pre-authorized wireless devices to connect), turning off DHCP services (so that a valid static IP address and DNS server settings must be manually configured), using non-standard subnet address ranges, and not broadcasting an SSID. If you're surrounded by other wireless routers and access points, you only need to be a little more secure than your neighbours to make casual snoopers pass you by and look for an easier target. Conversely, an SSID that has never been changed from the manufacturer's default is a pretty good sign that the connection may be wide open. Common examples of this include linksys, netgear, default (D-Link), dlink, wlan, wireless, wavelan, msnhome, airport, tsunami (Cisco), comcomcom (3Com), and symbol.
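For anyone checking their own equipment against the signs described above, here is an added example (not part of the original article) that audits a survey of access points you administer for factory-default SSIDs and missing encryption. The CSV columns and sample rows are constructed for illustration, and flagging WEP as deprecated is an addition beyond what the article states.

```python
import csv
import io

# Factory-default SSIDs listed in the article above.
DEFAULT_SSIDS = {
    "linksys", "netgear", "default", "dlink", "wlan", "wireless",
    "wavelan", "msnhome", "airport", "tsunami", "comcomcom", "symbol",
}

# Constructed sample: a survey log of access points you administer.
# Column names and values are made up for this example. A log holds one
# row per sighting, so the same access point can appear more than once.
SAMPLE_SURVEY = """ssid,bssid,channel,encryption
linksys,00:11:22:33:44:01,6,none
HomeOffice,00:11:22:33:44:02,11,WPA
linksys,00:11:22:33:44:01,6,none
NETGEAR,00:11:22:33:44:03,1,WEP
,00:11:22:33:44:04,6,WPA
"""


def audit_access_points(survey_csv):
    """Return {bssid: [findings]} for each access point needing attention."""
    seen = set()
    report = {}
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = row["bssid"].strip().lower()
        if bssid in seen:  # repeated sighting of an AP already audited
            continue
        seen.add(bssid)
        findings = []
        ssid = row["ssid"].strip()  # empty means the SSID is not broadcast
        encryption = row["encryption"].strip().lower()
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append("default SSID")
        if encryption in ("", "none", "open"):
            findings.append("no encryption")
        elif encryption == "wep":
            findings.append("WEP (deprecated)")  # assumption added here
        if findings:
            report[bssid] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit_access_points(SAMPLE_SURVEY).items():
        print(bssid, "->", ", ".join(findings))
```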
If driving, have a passenger look after the computer, preferably in the back seat. Driving while distracted by a computer screen is illegal. If alone on a bike, pay close attention to the road. Use a single earphone if employing speech notification or other audio cues so that you'll still be able to hear oncoming traffic. You don't want an accident to smash that expensive laptop in your backpack.