Nmap Development mailing list archives

Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points


From: Ron <ron () skullsecurity net>
Date: Thu, 16 Jun 2011 19:49:21 -0500

Sweet! I was thinking of doing the same, but didn't realize it'd be that easy. Thanks for clarifying :)

On Fri, 17 Jun 2011 02:41:07 +0200 Gorjan Petrovski <mogi57 () gmail com> wrote:
I personally indeed ran into this. This script was originally meant as
an snmp-bssid-geolocation script, so we'd get all the MAC addresses
through snmp, which lists them fine. While I was in the middle of
exploring SNMP and how to gather the MAC addresses, David noticed that
the snmp-interfaces already gathers all the MAC addresses, so I just
made a patch for it in order to save the MAC addresses to the
nmap.registry. Later we decided to add a script argument for user
friendliness.


On Thu, Jun 16, 2011 at 11:57 PM, Ron <ron () skullsecurity net> wrote:
Hey,

Me and Tom Sellers both attempted to write this script awhile back
and ran into a serious issue: on the majority of routers I tested,
the BSSID wasn't equal to the MAC address. Therefore, the
geolocation lookup was almost always wrong. I found that certain
routers, such as Linksys, had a mathematical relationship between
the BSSID and MAC address (one was 2 higher than the other, I
think), but that was anything but consistent.

Just wondering if you've run into this?

Ron

On Sun, 22 May 2011 09:52:50 +0200 Gorjan Petrovski
<mogi57 () gmail com> wrote:
Hello,

Here is the mac-geolocation script which queries the Google and
Skyhook geolocation services for a location, using the BSSID (MAC)
address of a WiFi access point.

  Google Geolocation lookup related information:
When given a wrong MAC address, or a nonexistent MAC, the Google API
for geolocation of MAC addresses makes an IP geolocation of the
host which is making the geolookup request (which is us). This IP
based geolookup generates a response which has an accuracy field
containing a high value (meaning low accuracy). So, in order to
separate the MAC-based responses from the IP-based ones, we do a
lookup of a non-valid MAC address "00", and compare all the
results with that one: if the results match, and the accuracy is
larger than 2000 (meters?) then it's probably safe to say that the
geolookup was made based on our IP address.
Google Geolocation API Protocol:
http://code.google.com/apis/gears/geolocation_network_protocol.html

  Skyhook Geolocation lookup related information:
The Skyhook API used here is not officially documented by Skyhook.
Skyhook API does not return results for a MAC lookup if the country
containing the results is different from our country (country of
the host querying the API).

Because of this, and the slow process of updating the Skyhook
database, I've not yet been able to test the Skyhook-based lookup,
so would someone living in the US please test it against a MAC
address which he knows is in the Skyhook database?
Thanks!

Should I shorten the output, or add a Google Maps link?
The output currently looks like this:
| mac-geolocation:
|   00:24:B2:1E:24:FE
|     Google
|       longitude: -93.100682
|       latitude: 44.9507415
|       accuracy: 1025
|       address:
|         city: "St Paul"
|         country: "United States"
|         county: "Ramsey"
|         country_code: "US"
|         region: "Minnesota"
|     SkyHook
|       longitude: -93.100682
|       latitude: 44.9507415
|       address:
|         street-number:
|         address-line:
|         city: "St Paul"
|         postal-code:
|         county: "Ramsey"
|_        state: "Minnesota"

All comments are welcomed :-)

Cheers,
Gorjan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




-- 
Gorjan
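
The baseline comparison described in the original post (look up the invalid MAC "00", then flag any result that matches it and has accuracy above 2000 as an IP-based answer) can be sketched as follows. This is an added example, not code from the mac-geolocation script or from anyone in the thread; the function names, the coordinate tolerance, the handling of a missing accuracy field and all sample responses except the values shown in the posted output are assumptions.

```python
import math

ACCURACY_THRESHOLD = 2000  # value from the post; its unit is unconfirmed there
COORD_TOLERANCE = 1e-6     # assumption: coordinates this close count as equal


def same_position(a, b, tol=COORD_TOLERANCE):
    """True when two responses report the same latitude/longitude."""
    return (math.isclose(a["latitude"], b["latitude"], abs_tol=tol)
            and math.isclose(a["longitude"], b["longitude"], abs_tol=tol))


def classify(baseline, response):
    """Label one lookup response against the baseline for the invalid MAC "00"."""
    if not response or "latitude" not in response or "longitude" not in response:
        return "no-result"
    # Assumption: a response without an accuracy field is treated as imprecise.
    accuracy = response.get("accuracy", math.inf)
    if same_position(baseline, response) and accuracy > ACCURACY_THRESHOLD:
        return "ip-fallback"   # service located the querying host, not the AP
    return "mac-based"


def classify_all(baseline, responses):
    """Map each queried MAC to its label."""
    return {mac: classify(baseline, r) for mac, r in responses.items()}


# Constructed baseline: what the service returned for the invalid MAC "00".
BASELINE = {"latitude": 41.9965, "longitude": 21.4314, "accuracy": 140000}

# First entry uses the values from the posted output; the rest are constructed.
RESPONSES = {
    "00:24:B2:1E:24:FE": {"latitude": 44.9507415, "longitude": -93.100682,
                          "accuracy": 1025},
    "00:11:22:33:44:55": {"latitude": 41.9965, "longitude": 21.4314,
                          "accuracy": 140000},   # same as baseline
    "66:77:88:99:AA:BB": {"latitude": 48.2082, "longitude": 16.3738,
                          "accuracy": 5000},     # imprecise but not baseline
    "CC:DD:EE:FF:00:11": {},                     # empty response
}

if __name__ == "__main__":
    for mac, label in classify_all(BASELINE, RESPONSES).items():
        print(mac, label)
```

Both conditions have to hold before a result is discarded: an imprecise answer at a different position than the baseline is still kept as MAC-based.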
