Nmap Development mailing list archives
Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points
From: Ron <ron () skullsecurity net>
Date: Thu, 16 Jun 2011 19:49:21 -0500
Sweet! I was thinking of doing the same, but didn't realize it'd be that easy. Thanks for clarifying :) On Fri, 17 Jun 2011 02:41:07 +0200 Gorjan Petrovski <mogi57 () gmail com> wrote:
I personally indeed ran into this. This script was originally meant as a snmp-bssid-geolocation script, so we'd get all the MAC addresses through snmp, which lists them fine. While I was in the middle of exploring SNMP and how to gather the MAC addresses, David noticed that the snmp-interfaces already gathers all the MAC addresses, so I just made a patch for it in order to save the MAC addresses to the nmap.registry. Later we decided to add a script argument so for user friendliness. On Thu, Jun 16, 2011 at 11:57 PM, Ron <ron () skullsecurity net> wrote:Hey, Me and Tom Sellers both attempted to write this script awhile back and ran into a serious issue: on the majority of routers I tested, the BSSID wasn't equal the to the Mac Address. Therefore, the geolocation lookup was almost always wrong. I found that certain routers, such as Linksys, had a mathematical relationship between the BSSID and Mac address (one was 2 higher than the other, I think), but that was anything but consistent. Just wondering if you've run into this? Ron On Sun, 22 May 2011 09:52:50 +0200 Gorjan Petrovski <mogi57 () gmail com> wrote:Hello, Here is the mac-geolocation script which queries the Google and Skyhook geolocation services for a location, using the BSSID (MAC) address of a WiFi access point. Google Geolocation lookup related information: When given a wrong MAC address, or a nonexistant MAC the Google API for geolocation of MAC addresses makes an IP geolocation of the host which is making the geolookup request (which is us). This IP based geolookup generates a response which has an accuracy field containing a high value (meaning low accuracy). So, in order to separate the MAC-based responses from the IP-based ones, we do a lookup of a non-valid MAC address "00", and compare all the results with that one: if the results match, and the accuracy is larger than 2000 (meters?) than it's probably safe to say that the geolookup was made based on our IP address. Google Geolocation API Protocol: http://code.google.com/apis/gears/geolocation_network_protocol.html Skyhook Geolocation lookup related information: The Skyhook API used here is not officially documented by Skyhook. Skyhook API does not return results for a MAC lookup if the country containing the results is different from our country (country of the host querying the API) Because of this, and the slow process of updating the Skyhook database, I've not yet been able to test the Skyhook-based lookup, so would someone living in the US please test it against a MAC address which he knows that is in the Skyhook database? Thanks! Should I shorten the output, or add a Google Maps link? The output currently looks like this: | mac-geolocation: | 00:24:B2:1E:24:FE | Google | longitude: -93.100682 | latitude: 44.9507415 | accuracy: 1025 | address: | city: "St Paul" | country: "United States" | county: "Ramsey" | country_code: "US" | region: "Minnesota" | SkyHook | longitude: -93.100682 | latitude: 44.9507415 | address: | street-number: | address-line: | city: "St Paul" | postal-code: | county: "Ramsey" |_ state: "Minnesota" All comments are welcomed :-) Cheers, Gorjan_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/-- Gorjan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points, (continued)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Gorjan Petrovski (May 23)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Fyodor (May 23)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Gorjan Petrovski (May 27)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Fyodor (May 27)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Djalal Harouni (May 28)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Gorjan Petrovski (May 28)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Patrick Donnelly (May 28)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Gorjan Petrovski (May 29)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Gorjan Petrovski (Jun 16)
- Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points Ron (Jun 16)