Detecting Wardriving (Probe request frames)

Continuing the theme of the last couple of entries on this blog I am looking at detecting war driving using a wireless packet sniffer to capture probe request frames being sent by a client under the control of a war driving tool. In this case I used CommView for Wifi and viStumbler as the sniffing tool and war driving tool respectively.

I was aiming to see what would the affect by of running viStumbler for a period whilst recording probe request frames. Using a laptop running CommView for Wifi, I captured the probe request packets for an approx. period of 55 mins, during which I run viStumbler for 14 mins, the resulting plot of probe request frames / min clearly identify an increase in the number of probe request frames being broadcast.

The average number of probe request frames recorded was around 8 per minute, there where 5 access points visible from the location I was running the tests from on the same channel.

This shows the techniques will work, however need to set-up some experiments to confirm the base line of requests and whether a detectable amount of requests can be recorded from a car driving past.